3349 matches found

CNVD
added 2022/10/11 12:0 a.m. · 18 views

Veritas NetBackup DiscoveryService Service XML External Entity Injection Vulnerability

Veritas NetBackup is a storage service used by Veritas, Inc. to provide backup and recovery capabilities for enterprise environments. Veritas NetBackup 10.0.0.1 and previous versions are vulnerable to XML external entity injection, which stems from the fact that the DiscoveryService service does...

9.8 CVSS · 3.6 AI score · 0.00517 EPSS
Exploits 0 · References 1
OSV
added 2022/10/11 12:0 a.m. · 10 views

CVE-2022-39296 Path traversal in MelisAssetManager

MelisAssetManager provides deliveries of Melis Platform's assets located in every module's public folder. Attackers can read arbitrary files on affected versions of melisplatform/melis-asset-manager, leading to the disclosure of sensitive information. Conducting this attack does not require...

8.6 CVSS · 7.5 AI score · 0.01471 EPSS
Exploits 0 · References 4
Prion
added 2022/09/22 9:15 a.m. · 18 views

XXE

UNSUPPORTED WHEN ASSIGNED An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also...

5 CVSS · 7.5 AI score · 0.01392 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2022/09/22 8:15 a.m. · 12 views

CVE-2022-40705 Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This...

6.8 AI score · 0.01392 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/09/21 12:0 a.m. · 4 views

PT-2022-25751 · Jenkins · Jenkins Wildfly Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins WildFly Deployer Plugin versions 1.0.2 and earlier. Description: The issue allows agent processes to read arbitrary files on the Jenkins controller file system. This is only exploitable in certain versions of Jenkins, specifically 2.31...

6.5 CVSS · 5.1 AI score · 0.00563 EPSS
Exploits 0 · References 6
OSV
added 2022/09/16 5:45 p.m. · 31 views

GHSA-R9X7-2XMR-V8FW mangadex-downloader vulnerable to unauthorized file reading

Impact: When using the file: command with a web URL location (http, https), mangadex-downloader will try to open and read a file on the local disk if the content of the online file exists as a file on the victim's computer. So far, the app only reads the files and does not execute them. But still, when someone reading you...

6.9 CVSS · 5.2 AI score · 0.00553 EPSS
Exploits 0 · References 5
GitHub Security Blog
added 2022/09/16 5:45 p.m. · 25 views

mangadex-downloader vulnerable to unauthorized file reading

Impact: When using the file: command with a web URL location (http, https), mangadex-downloader will try to open and read a file on the local disk if the content of the online file exists as a file on the victim's computer. So far, the app only reads the files and does not execute them. But still, when someone reading you...

5.3 CVSS · 5.2 AI score · 0.00553 EPSS
Exploits 0 · References 5 · Affected Software 1
CNVD
added 2022/09/13 12:0 a.m. · 15 views

An arbitrary file reading vulnerability exists in SANGFOR Internet Optimization Management System of Deep Impact Technology Co.

SANGFOR Internet optimization management system is a security product that integrates Internet behavior management, network access, device access and business access behavior analysis. Core advantages: multiple authentication methods, comprehensive audit capability, support for multiple applicati...

2 AI score
Exploits 0
Veracode
added 2022/09/08 3:3 a.m. · 19 views

Information Disclosure

mangadex-downloader is vulnerable to information disclosure. The vulnerability exists due to the improper url path validation in the validateurl function of validator.py, allowing an attacker to open and read files from the local disk through the commands such as file: and...

5.3 CVSS · 5 AI score · 0.00553 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2022/09/07 9:35 p.m. · 4 views

CVE-2022-36082 mangadex-downloader vulnerable to unauthorized file reading

mangadex-downloader is a command-line tool to download manga from MangaDex. When the file: command is used with a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file on the local disk for each line of the website contents. Version 1.7.2 contains...

5.3 CVSS · 5.2 AI score · 0.00553 EPSS
Exploits 0 · References 2
Cvelist
added 2022/09/07 9:35 p.m. · 27 views

CVE-2022-36082 mangadex-downloader vulnerable to unauthorized file reading

mangadex-downloader is a command-line tool to download manga from MangaDex. When the file: command is used with a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file on the local disk for each line of the website contents. Version 1.7.2 contains...

5.3 CVSS · 5.5 AI score · 0.00553 EPSS
Exploits 0 · References 2
NVD
added 2022/09/06 6:15 p.m. · 30 views

CVE-2022-2943

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...

4.9 CVSS · 0.01279 EPSS
Exploits 2 · References 4
Prion
added 2022/09/06 6:15 p.m. · 18 views

Input validation

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...

3.3 CVSS · 5 AI score · 0.01279 EPSS
Exploits 2 · References 4 · Affected Software 1
Vulnrichment
added 2022/09/06 5:19 p.m. · 7 views

CVE-2022-2943 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...

4.9 CVSS · 6.1 AI score · 0.01279 EPSS
Exploits 2 · References 4
Cvelist
added 2022/09/06 5:19 p.m. · 37 views

CVE-2022-2943 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...

4.9 CVSS · 5.3 AI score · 0.01279 EPSS
Exploits 2 · References 4
CVE
added 2022/09/06 5:19 p.m. · 69 views

CVE-2022-2943

CVE-2022-2943 affects the WordPress plugin Ajax Load More (versions

4.9 CVSS · 4.9 AI score · 0.01279 EPSS
Exploits 2 · References 4 · Affected Software 1
CNNVD
added 2022/08/31 12:0 a.m. · 2 views

GREYC CImg Security Vulnerability

CImg is a small open source C++ toolkit for image processing from GREYC Open Source. A security vulnerability exists in GREYC CImg. An attacker exploits the vulnerability to trick an application into allocating a huge buffer size such as 64GB when reading a file from disk or a virtual buffer...

5.5 CVSS · 6.9 AI score · 0.00397 EPSS
Exploits 1 · References 7
CNVD
added 2022/08/04 12:0 a.m. · 29 views

IBM DataPower Gateway XML External Entity Injection Vulnerability (CNVD-2022-56970)

IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...

9.1 CVSS · 2.3 AI score · 0.01044 EPSS
Exploits 0 · References 1
NVD
added 2022/07/28 1:15 a.m. · 14 views

CVE-2022-36999

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBack...

6.5 CVSS · 0.00577 EPSS
Exploits 0 · References 1
Prion
added 2022/07/28 1:15 a.m. · 21 views

Code injection

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBack...

4 CVSS · 6.2 AI score · 0.00577 EPSS
Exploits 0 · References 1 · Affected Software 4