3349 matches found
CVE-2022-30428
In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading...
Design/Logic Flaw
CVE-2022-30428
CVE-2022-30428 affects ginadmin (up to 05-10-2022). The vulnerability arises from an unfiltered incoming path value, allowing an arbitrary file read from the server. Affected component appears to be the admin/system handling path input; the issue enables access to sensitive files, as described co...
Open Automation Software OAS Platform Access Control Error Vulnerability
Open Automation Software OAS Platform is an industrial Internet of Things (IoT) suite from Open Automation Software, Inc. An information disclosure vulnerability exists in Open Automation Software OAS Platform version V16.00.0112, which stems from an information disclosure issue in the OAS Engine...
ginadmin Security Vulnerability
ginadmin is a backend management platform based on the Gin framework for individual GPER developers in China. A security vulnerability exists in ginadmin 05-10-2022 and earlier versions, which stems from an unfiltered incoming path value, leading to arbitrary file reading...
WhatsApp Cross-Site Scripting Vulnerability
A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading...
CVE-2022-28921
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server...
GHSA-X64M-686F-FMM3 XML External Entity (XXE) in Django
The XML libraries for Python as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack...
GHSA-FW3X-2PR2-5J64 GeSHi vulnerable to Directory Traversal
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter...
GHSA-C57P-3V2G-W9RG Insertion of Sensitive Information into Log File in Apache Tomcat
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. This issue was...
GHSA-8XR3-54W2-8XJP Jenkins Image Gallery Plugin allows Path Traversal
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields...
Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...
Esri ArcGIS Enterprise Portal for ArcGIS Component XXE Vulnerability
Esri ArcGIS Enterprise is a GIS (Geographic Information System) base software system from the Environmental Systems Research Institute (Esri), Inc. The system supports mapping and visualization, analysis, and data management, etc. An XXE vulnerability exists in the Esri ArcGIS Enterprise Portal for...
CVE-2022-28462
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability...
CVE-2022-28462
CVE-2022-28462 affects novel-plus 3.6.0 with an Arbitrary file reading vulnerability caused by lack of restrictions on file parameters. NVD CVSSv3.1 base score 7.5 (HIGH) with network access and no privileges required; confidentiality impact HIGH. PT-Security notes no available fix as of their en...