3349 matches found
Veritas NetBackup DiscoveryService Service XML External Entity Injection Vulnerability
Veritas NetBackup is a storage service used by Veritas, Inc. to provide backup and recovery capabilities for enterprise environments. Veritas NetBackup 10.0.0.1 and previous versions are vulnerable to XML external entity injection, which stems from the fact that the DiscoveryService service does...
CVE-2022-39296 Path traversal in MelisAssetManager
MelisAssetManager provides deliveries of Melis Platform's assets located in every module's public folder. Attackers can read arbitrary files on affected versions of melisplatform/melis-asset-manager, leading to the disclosure of sensitive information. Conducting this attack does not require...
Xxe
UNSUPPORTED WHEN ASSIGNED An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also...
CVE-2022-40705 Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This...
PT-2022-25751 · Jenkins · Jenkins Wildfly Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins WildFly Deployer Plugin versions 1.0.2 and earlier Description: The issue allows agent processes to read arbitrary files on the Jenkins controller file system. This is only exploitable in certain versions of Jenkins, specifically 2.31...
GHSA-R9X7-2XMR-V8FW mangadex-downloader vulnerable to unauthorized file reading
Impact When using file: command and is web URL location http, https. mangadex-downloader will try to open and read a file in local disk if the content from online file is exist-as-a-file in victim computer So far, the app only read the files and not execute it. But still, when someone reading you...
mangadex-downloader vulnerable to unauthorized file reading
Impact When using file: command and is web URL location http, https. mangadex-downloader will try to open and read a file in local disk if the content from online file is exist-as-a-file in victim computer So far, the app only read the files and not execute it. But still, when someone reading you...
An arbitrary file reading vulnerability exists in SANGFOR Internet Optimization Management System of Deep Impact Technology Co.
SANGFOR Internet optimization management system is a security product that integrates Internet behavior management, network access, device access and business access behavior analysis. Core advantages: multiple authentication methods, comprehensive audit capability, support for multiple applicati...
Information Disclosure
mangadex-downloader is vulnerable to information disclosure. The vulnerability exists due to the improper url path validation in the validateurl function of validator.py, allowing an attacker to open and read files from the local disk through the commands such as file: and...
CVE-2022-36082 mangadex-downloader vulnerable to unauthorized file reading
mangadex-downloader is a command-line tool to download manga from MangaDex. When using file: command and is a web URL location http, https, mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains...
CVE-2022-36082 mangadex-downloader vulnerable to unauthorized file reading
mangadex-downloader is a command-line tool to download manga from MangaDex. When using file: command and is a web URL location http, https, mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains...
CVE-2022-2943
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...
Input validation
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...
CVE-2022-2943 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...
CVE-2022-2943 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...
CVE-2022-2943
CVE-2022-2943 affects the WordPress plugin Ajax Load More (versions
GREYC Clmg 安全漏洞
CImg is a small open source C++ toolkit for image processing from GREYC Open Source. A security vulnerability exists in GREYC Clmg. An attacker exploits the vulnerability to trick an application into allocating a huge buffer size such as 64GB when reading a file from disk or a virtual buffer...
IBM DataPower Gateway XML External Entity Injection Vulnerability (CNVD-2022-56970)
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...
CVE-2022-36999
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBack...
Code injection
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBack...