CVE-2022-36994
The CVE-2022-36994 issue affects Veritas NetBackup versions 8.1.x–8.1.2, 8.2, 8.3.x–8.3.0.2, 9.x–9.0.0.1, and 9.1.x–9.1.0.1. Description: An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server. Root cause: improper access control a...
CVE-2022-36999
Summary: CVE-2022-36999 affects Veritas NetBackup versions 8.1.x–8.1.2, 8.2, 8.3.x–8.3.0.2, 9.x–9.0.0.1, and 9.1.x–9.1.0.1. The issue allows an attacker with authenticated access to a NetBackup Client to remotely read files on a NetBackup Primary server under certain conditions. Root cause/detail...
Veritas NetBackup Security Vulnerability
Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and backup protection of environmental data such as metadata and virtual environments. A security...
Veritas NetBackup Code Issue Vulnerability
Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and backup protection of environmental data such as metadata and virtual environments. A security...
Arbitrary File Read Vulnerability in Istar Database Auditing System
Founded in 2003, Beijing Yisetong Technology Development Co., Ltd. is a data security vendor. There is an arbitrary file reading vulnerability in the Yisetong database auditing system, which can be exploited by an attacker to read any file ...
Moodle arbitrary file reading vulnerability
Moodle is a free and open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from an arbitrary file reading vulnerability, which stems from insufficient path checking and can be exploited by...
Design/Logic Flaw
Allows a remote user to read files on the camera's OS via "GetFileContent.cgi". Reading arbitrary files on the camera's OS as root user...
CVE-2022-32320
A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file...
Cross-Site Request Forgery (CSRF)
A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file...
CVE-2022-32320
CVE-2022-32320 describes a Cross-Site Request Forgery (CSRF) in Ferdi (up to 5.8.1) and Ferdium (up to 6.0.0-nightly.98) that allows an attacker to read files via an uploaded file (e.g., settings/preferences). The NVD entry lists a CVSSv3.1 base score of 8.8 (HIGH). No exploitation details are ...
CVE-2022-32275
Grafana 8.4.3 allows reading files via, for example, a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content...
CVE-2022-32275
Grafana 8.4.3 is listed as CVE-2022-32275 for a potential directory traversal issue that could let an attacker read arbitrary files via crafted URLs such as /dashboard/snapshot/{...}/etc/passwd. The description notes the vendor’s position that there is no vulnerability and that the request yields...
GHSA-5824-6JFV-XR3R Arbitrary file read in ginadmin
In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. A patch is available on the master branch of the repository...
CVE-2022-30428
In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading...