3349 matches found
CVE-2023-22380 Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...
SUSE CVE-2007-4850
curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...
SUSE CVE-2013-4701
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...
SUSE CVE-2016-9605
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...
SUSE CVE-2016-10149
XML External Entity XXE vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
PT-2023-8557 · WordPress · Extensive Vc Addons
Name of the Vulnerable Software and Affected Versions: Extensive VC Addons for WPBakery page builder WordPress plugin versions prior to 1.9.1 Description: The issue is related to incorrect validation of a parameter passed to the php extract function when loading templates. This allows an...
CVE-2023-24977 Apache InLong: Jdbc Connection causes arbitrary file reading in InLong
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214...
CVE-2023-24977 Apache InLong: Jdbc Connection causes arbitrary file reading in InLong
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214...
CVE-2022-39059
ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...
CVE-2022-39059
ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...
CVE-2022-39059 ChangingTec MegaServiSignAdapter - Path Traversal
ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...
Mozilla Thunderbird < 102.7
The version of Thunderbird installed on the remote Windows host is prior to 102.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-03 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.6. Some of...
Oracle Linux 7 : firefox (ELSA-2023-0296)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0296 advisory. 102.7.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs....
CVE-2022-43494
GE Digital Proficy Historian is affected by a vulnerability (CVE-2022-43494) described as improper access control that could allow an unauthorized user to read any file on the system. The issue is tied to insufficient access controls in Proficy Historian v7.0 and newer, enabling potential exposur...
CVE-2022-43494
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information...
PT-2023-1153 · Ge · Proficy Historian
Name of the Vulnerable Software and Affected Versions: GE Proficy Historian affected versions not specified Description: The issue is related to insufficient access control, which could allow an unauthorized user to read any file on the system, potentially exposing sensitive information. An...
Arbitrary File Read Vulnerability in Istar Electronic Document Security Management System (CNVD-2023-09184)
Easetone electronic document security management system is an electronic document security encryption software. Yisetong Electronic Document Security Management System has an arbitrary file reading vulnerability that can be exploited by attackers to obtain sensitive information...
CVE-2022-23854
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server...
CVE-2022-36221
Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system...
Cortex's Alertmanager can expose local files content via specially crafted config
Impact A local file inclusion vulnerability exists in Cortex versions v1.13.0, v1.13.1 and v1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users o...