Zkteco BioTime Path Traversal Vulnerability
ZKTeco BioTime is a web-based time and attendance management product from the Chinese company ZKTeco. A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows an unauthenticated attacker to read arbitrary files by providin...
USN-6266-1: librsvg vulnerability
Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element...
CVE-2021-4324
CVE-2021-4324 affects Google Chrome (Chromium-based) prior to version 90.0.4430.93. Root cause: insufficient policy enforcement in Google Update. Impact: remote attacker could read arbitrary files via a malicious file. Affected versions are before 90.0.4430.93; remediation is to update to 90.0.44...
JDBC URL bypassing by allowLoadLocalInfileInPath param
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....
CVE-2023-34434
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....
Deserialization of untrusted data
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....
CVE-2023-34434 Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....
CVE-2023-34434
CVE-2023-34434 affects Apache InLong (versions 1.4.0–1.7.0). It is a deserialization of untrusted data vulnerability that could bypass logic and read arbitrary files. The remediation is to upgrade to InLong 1.8.0 or apply the patch from PR 8130. Connected sources corroborate the affected versions...
PT-2023-5268 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.7.0 Description: The issue affects Apache InLong, allowing an attacker to bypass the current logic and achieve arbitrary file reading by exploiting a deserialization of untrusted data vulnerability. This...
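The InLong entries above all describe the same pattern: a JDBC URL filter that rejected the MySQL Connector/J option allowLoadLocalInfile (which lets a server ask the client to send it a local file) but not its sibling option allowLoadLocalInfileInPath, so a URL carrying the sibling passed the check. The following Python illustration is an added example, not InLong's own code: it shows a hypothetical denylist filter being bypassed by the sibling parameter and an allowlist filter that rejects it. The URLs, DENYLIST and ALLOWLIST are constructed for the example.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample JDBC URLs for illustration; the hosts are placeholders.
SAFE_URL = "jdbc:mysql://db.example.internal:3306/inlong?useSSL=true&serverTimezone=UTC"
DENIED_URL = "jdbc:mysql://attacker.example:3306/x?allowLoadLocalInfile=true"
BYPASS_URL = "jdbc:mysql://attacker.example:3306/x?allowLoadLocalInfileInPath=/"

# Hypothetical denylist: only the one parameter the filter author knew about.
DENYLIST = {"allowloadlocalinfile"}

# Hypothetical allowlist: the connection options the application actually needs.
ALLOWLIST = {"usessl", "servertimezone", "connecttimeout", "charactersetresults"}


def jdbc_params(jdbc_url):
    """Return the query parameters of a JDBC URL as (name, value) pairs.

    The 'jdbc:' prefix is stripped so urlsplit sees a normal scheme://... URL.
    """
    if not jdbc_url.startswith("jdbc:"):
        raise ValueError("not a JDBC URL")
    parts = urlsplit(jdbc_url[len("jdbc:"):])
    return parse_qsl(parts.query, keep_blank_values=True)


def denylist_check(jdbc_url):
    """Vulnerable pattern: accept the URL unless a parameter name is on the
    denylist. Any option the list does not mention goes through, which is
    what a URL carrying allowLoadLocalInfileInPath exploits."""
    return all(name.lower() not in DENYLIST for name, _ in jdbc_params(jdbc_url))


def allowlist_check(jdbc_url):
    """Hardened pattern: every parameter must be explicitly permitted.
    Names are compared case-insensitively so casing variants of a known
    option cannot slip past the comparison."""
    return all(name.lower() in ALLOWLIST for name, _ in jdbc_params(jdbc_url))


if __name__ == "__main__":
    for url in (SAFE_URL, DENIED_URL, BYPASS_URL):
        print(url)
        print("  denylist accepts:", denylist_check(url))
        print("  allowlist accepts:", allowlist_check(url))
```

The allowlist only controls driver options; if the host part of the URL is attacker-controlled as well, the application still connects to a hostile server, so the host should be constrained separately.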
PT-2024-03: Vulnerability of reading internal application files in OpenKeychain
The vulnerability was identified in OpenKeychain v.5.8.2 58902. It allows a potential attacker to read any files available to an application, including from the application sandbox, and save files to external storage. The vulnerability is caused by insufficient filtering of input parameters...
CVE-2023-34135
Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-2762
Summary of CVE-2023-2762 (SOLIDWORKS Desktop) A Use-After-Free vulnerability exists in the SLDPRT file reading procedure affecting SOLIDWORKS Desktop from release 2021 through 2023. The underlying issue occurs during parsing of SLDPRT files and could allow an attacker to execute arbitrary code wh...
SolidWorks resource management error vulnerability
SolidWorks is 3D CAD software from SolidWorks that runs on the Microsoft Windows platform. A security vulnerability exists in SolidWorks versions 2021 through 2023, which stems from a use-after-free during file reading that could allow an attacker to execute...
CVE-2023-34457 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a file input inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
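The MechanicalSoup entry describes a client-side trust problem: a form-automation library that honours a server-supplied value attribute on a file input will open that path on the client and upload it. Browsers ignore such values for exactly this reason. The Python below is an added example, not MechanicalSoup's code: a minimal form parser on the standard library, a vulnerable submission builder that trusts the pre-filled path, and a hardened one that only uploads files the caller set explicitly. The HTML is a constructed response from a hypothetical malicious server.

```python
from html.parser import HTMLParser

# Constructed response from a hypothetical malicious server: the file input
# arrives pre-filled with a client-side path the user never chose.
MALICIOUS_HTML = """
<form action="/upload" method="post" enctype="multipart/form-data">
  <input type="text" name="comment" value="hello">
  <input type="file" name="attachment" value="/etc/passwd">
  <input type="submit" value="Send">
</form>
"""


class FormInputs(HTMLParser):
    """Collects (type, name, value) for every <input> element in the page."""

    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            itype = (a.get("type") or "text").lower()
            self.inputs.append((itype, a.get("name"), a.get("value")))


def parse_inputs(html):
    parser = FormInputs()
    parser.feed(html)
    return parser.inputs


def build_submission_vulnerable(html, user_values=None):
    """Trusts the server-supplied value of every input, file inputs included.

    Returns (fields, files); 'files' maps a field name to the client-side
    path the library would open and send to the server.
    """
    user_values = user_values or {}
    fields, files = {}, {}
    for itype, name, value in parse_inputs(html):
        if name is None or itype == "submit":
            continue
        value = user_values.get(name, value)
        if itype == "file":
            if value:
                files[name] = value   # attacker-chosen path ends up here
        else:
            fields[name] = value
    return fields, files


def build_submission_hardened(html, user_values=None):
    """Uploads a file only when the caller set that file input explicitly;
    whatever value the server placed on a file input is discarded."""
    user_values = user_values or {}
    fields, files = {}, {}
    for itype, name, value in parse_inputs(html):
        if name is None or itype == "submit":
            continue
        if itype == "file":
            if name in user_values:
                files[name] = user_values[name]
        else:
            fields[name] = user_values.get(name, value)
    return fields, files
```

The hardened builder still lets the server pre-fill text fields, which is normal form behaviour; the distinction it enforces is that a file path must originate from the caller, never from the page.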
Traggo server directory traversal vulnerability
Traggo is a tag-based time tracking tool. A directory traversal vulnerability exists in the Traggo server, which can be exploited by an attacker to read arbitrary files...
CVE-2023-1864 FANUC ROBOGUIDE-HandlingPRO Path Traversal
FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior are vulnerable to path traversal, which could allow an attacker to remotely read files on the system running the affected software...
Jeecg P3 Biz Chat security vulnerability
Jeecg P3 Biz Chat is an open source online chat plugin for Jeecg. A security vulnerability in Jeecg P3 Biz Chat version 1.0.5 allows remote attackers to read arbitrary files via specific parameters...
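The ZKTeco BioTime, SonicWall GMS, Traggo, FANUC ROBOGUIDE and Jeecg entries are all path traversal leading to arbitrary file read: a user-controlled path fragment is joined to a base directory without confining the result. The Python below is an added example, not code from any of those products: the naive join beside a check that canonicalises both sides and requires the result to stay under the base. The base directory and request values are constructed; the check generalises to any file-serving handler.

```python
import os
from urllib.parse import unquote

# Constructed base directory for the example; it need not exist on disk.
BASE = "/srv/app/exports"


def resolve_vulnerable(base_dir, user_path):
    """Vulnerable: a plain join lets '..' segments climb out of base_dir, and
    an absolute user path makes os.path.join discard base_dir entirely."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def resolve_under_base(base_dir, user_path):
    """Hardened: resolve both sides to canonical absolute paths, then require
    the candidate to be base_dir itself or a descendant of it.

    commonpath is used rather than startswith so a sibling directory that
    shares the prefix (exports-old beside exports) is rejected as well.
    realpath follows symlinks, so a link inside base_dir that points outside
    is rejected too. Returns None when the path escapes.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def resolve_request_path(base_dir, raw_param):
    """Entry point for a web handler: URL-decode the parameter once, then run
    the check on the decoded value. Checking the raw string would miss
    %2e%2e, and decoding more than once would reopen double-encoding."""
    return resolve_under_base(base_dir, unquote(raw_param))


if __name__ == "__main__":
    for p in ("reports/2023.csv", "../../../etc/passwd", "/etc/passwd", "../exports-old/x"):
        print(p, "->", resolve_vulnerable(BASE, p), "|", resolve_under_base(BASE, p))
```

On Windows, commonpath raises ValueError when the two paths are on different drives; a handler there should treat that exception as an escape as well.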
DEBIAN-CVE-2023-32213
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...