3349 matches found

CVE
added 2023/03/31 12:0 a.m. · 39 views

CVE-2022-47188

Generex UPS CS141, affected in versions prior to 2.06, contains an arbitrary local file read vulnerability. An attacker using default credentials can upload a backup file containing a symlink to /etc/shadow, enabling content access to that path. The issue is documented in CVE-2022-47188 and corro...

CVSS 7.5 · AI score 7.5 · EPSS 0.00914
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/03/31 12:0 a.m. · 7 views

CVE-2022-47188 Improper Input Validation in Generex CS141

There is an arbitrary file reading vulnerability in Generex UPS CS141 versions below 2.06. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing them to obtain the content of this path...

CVSS 7.5 · AI score 7.5 · EPSS 0.00914
Exploits: 0 · References: 3

RedhatCVE
added 2023/03/30 2:44 p.m. · 138 views

CVE-2023-21808

A vulnerability exists in how dotnet reads debugging symbols. Reading a malicious symbols file may result in remote code execution...

CVSS 7.8 · AI score 7.8 · EPSS 0.01148
Exploits: 0 · References: 3

Vulnrichment
added 2023/03/29 12:0 a.m. · 5 views

CVE-2022-36982

This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandle...

CVSS 6.5 · AI score 7.5 · EPSS 0.73757
Exploits: 0 · References: 2

Vulnrichment
added 2023/03/15 12:0 a.m. · 10 views

CVE-2023-25345

Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags...

AI score 7.5 · EPSS 0.01042
Exploits: 1 · References: 1

Tenable Nessus
added 2023/03/13 12:0 a.m. · 126 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Twig vulnerabilities (USN-5947-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5947-1 advisory. Fabien Potencier discovered that Twig was not properly enforcing sandbox policies when dealing with objects...

CVSS 9.8 · AI score 7.1 · EPSS 0.08209
Exploits: 3 · References: 4

Positive Technologies
added 2023/03/09 12:0 a.m. · 4 views

PT-2023-16863 · Dsm · Enovia Live Collaboration

Name of the Vulnerable Software and Affected Versions: ENOVIA Live Collaboration version V6R2013xE. Description: An XML External Entity (XXE) injection vulnerability allows an attacker to read local files on the server, which can also lead to remote file inclusion. Recommendations: For ENOVIA Live...

CVSS 7.5 · AI score 7.5 · EPSS 0.00507
Exploits: 0 · References: 5

CNNVD
added 2023/03/08 12:0 a.m. · 4 views

OneKeyAdmin security vulnerability

OneKeyAdmin is a plug-in management system based on Thinkphp6+Element that covers websites, applets, malls, CMS, APP, ERP and API interfaces in one system, usable out of the box without scaffolding. A security vulnerability exists in OneKeyAdmin v1.3.9; the vulnerability stems from the...

CVSS 7.5 · AI score 7.5 · EPSS 0.00666
Exploits: 1 · References: 2

CNNVD
added 2023/03/08 12:0 a.m. · 4 views

Zephyr security vulnerability

Zephyr is an extensible real-time operating system (RTOS) open-sourced by the Zephyr Project. A security vulnerability exists in SmartBear Zephyr Enterprise 7.15.0 and earlier versions, which stems from an arbitrary file read vulnerability. An attacker can exploit this vulnerability to rea...

CVSS 7.5 · AI score 7.6 · EPSS 0.00595
Exploits: 0 · References: 2

Vulnrichment
added 2023/03/07 4:4 p.m. · 15 views

CVE-2022-22297

An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder...

CVSS 5.5 · AI score 6.9 · EPSS 0.00225
Exploits: 0 · References: 1

CNNVD
added 2023/03/07 12:0 a.m. · 4 views

Fortinet FortiWeb security vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. and FortiRecorder are vulnerable to arbitrar...

CVSS 5.5 · AI score 7.2 · EPSS 0.00225
Exploits: 0 · References: 3

Github Security Blog
added 2023/03/01 7:17 p.m. · 28 views

Juju controller - Arbitrary file reading vulnerability

Impact: An authenticated user who has read access to the juju controller model may construct a remote request to download an arbitrary file from the controller's filesystem. Patches: Patched in juju 2.9.38 and juju 3.0.3 juju/jujuef803e2 Workarounds: Limit read access to the controller model to onl...

CVSS 4.9 · AI score 4.9 · EPSS 0.00617
Exploits: 0 · References: 5 · Affected Software: 1

Vulnrichment
added 2023/02/22 12:0 a.m. · 7 views

CVE-2023-22974

A Path Traversal in setup.php in OpenEMR 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server...

AI score 7.4 · EPSS 0.01892
Exploits: 1 · References: 2

Vulnrichment
added 2023/02/21 12:0 a.m. · 15 views

CVE-2023-26267

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR...

AI score 6.6 · EPSS 0.0052
Exploits: 0 · References: 2

CVE
added 2023/02/21 12:0 a.m. · 37 views

CVE-2023-26267

The vulnerability CVE-2023-26267 affects php-saml-sp in versions before 1.1.1 and 2.x before 2.1.1. It allows reading arbitrary files as the webserver user because XML external entities are silently resolved via LIBXML_DTDLOAD and LIBXML_DTDATTR. No exploitation details are provided in the source...

CVSS 6.5 · AI score 6.5 · EPSS 0.0052
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2023/02/16 9:15 p.m. · 13 views

CVE-2023-22380

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

CVSS 6.5 · AI score 6.4 · EPSS 0.00682
Exploits: 0 · References: 1

Prion
added 2023/02/16 9:15 p.m. · 21 views

Path traversal

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

CVSS 4 · AI score 6.4 · EPSS 0.00682
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2023/02/16 8:46 p.m. · 29 views

GHSA-6WXG-WH7F-RQPR XML External Entity (XXE) vulnerability in apoc.import.graphml

Impact: An XML External Entity (XXE) vulnerability was found in the apoc.import.graphml procedure of the APOC core plugin in the Neo4j graph database. XML External Entity (XXE) injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was...

CVSS 5.9 · AI score 6.9 · EPSS 0.00889
Exploits: 0 · References: 7

CVE
added 2023/02/16 12:0 a.m. · 62 views

CVE-2023-22380

CVE-2023-22380 describes a path traversal vulnerability in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. The issue affects all versions of GitHub Enterprise Server since 3.7 and is due to a flaw in the file-path handling during Page builds, enabli...

CVSS 6.5 · AI score 6.3 · EPSS 0.00682
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/02/16 12:0 a.m. · 9 views

CVE-2023-22380 Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

AI score 6.7 · EPSS 0.00682
Exploits: 0 · References: 1