3349 matches found
TaoCMS arbitrary file reading vulnerability
Taocms is a micro CMS content management system in China. TaoCMS has an arbitrary file reading vulnerability that can be exploited by attackers via admin.php?action=file & ctrl=download & path=... /... /1.txt to read any file...
CuppaCMS alertConfigField.php file contains a vulnerability
CuppaCMS is a content management system (CMS). A file inclusion vulnerability exists in CuppaCMS version 1.0. The vulnerability stems from the fact that the url parameter in /alerts/alertConfigField.php does not effectively filter calls to local file resources, which could be exploited to read...
CVE-2022-22835
OverIT Geocall prior to version 8.0 is affected by an XXE vulnerability in the XSLT/Test Trasformazione XSL feature. An authenticated user enabling this functionality can trigger an XXE issue and read arbitrary files from the file system. Affected component: Geocall’s XSLT processing; root cause:...
PT-2022-15682 · Cybonet · Cybonet Pineapp Mail Relay
Name of the Vulnerable Software and Affected Versions: Cybonet PineApp Mail Relay affected versions not specified Description: The issue allows an attacker to send a request to the "/manage/mailpolicymtm/log/eml viewer/email.content.body.php" API endpoint with a filesystem path parameter set to a...
CVE-2021-40841
CVE-2021-40841 concerns LiveConfig 2.12.2, presenting a Path Traversal vulnerability in a log file that allows authenticated attackers to read files on the underlying server. The available connected documents confirm the affected software and the nature of the vulnerability but do not provide exp...
CVE-2022-25197
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system...
CVE-2022-25177
CVE-2022-25177 affects Jenkins Pipeline: Shared Groovy Libraries Plugin (552.vd9cc05b8a2e1 and earlier). Root cause: the libraryResource path reading follows symbolic links outside the expected Pipeline library, enabling reading arbitrary files on the Jenkins controller filesystem. Impact: via cr...
CVE-2022-25179
CVE-2022-25179 affects Jenkins Pipeline: Multibranch Plugin (706.vd43c65dec013 and earlier). The issue: the readTrusted step can follow symbolic links outside the configured SCM checkout, allowing attackers with Pipeline Configure permission to read arbitrary files on the Jenkins controller files...
PT-2022-9521 · WordPress · Wordpress Rsvp Plugin
Name of the Vulnerable Software and Affected Versions: RVM WordPress plugin versions prior to 6.4.2 Description: The issue concerns a lack of proper authorization, CSRF checks, and validation of the rvm upload regions file path parameter in the rvm import regions AJAX action. This allows any...
Rapid7 Insight Agent Arbitrary File Reading Vulnerability
Rapid7 Insight Agent is lightweight software from Rapid7, Inc. that collects data from IT assets. An arbitrary file reading vulnerability exists in Rapid7 Insight Agent versions prior to 3.1.3, which stems from the software's lack of...
Taocms path traversal vulnerability
Taocms is a micro CMS content management system in China. Taocms v3.0.2 has an arbitrary file reading vulnerability that stems from the lack of filtering and restrictions on the software's path parameters; an attacker can use the vulnerability to read arbitrary files...
CVE-2021-23631
CVE-2021-23631 affects convert-svg-core, convert-svg-to-png, and convert-svg-to-jpeg. A crafted SVG can trigger Directory Traversal via the SVG File Handler, enabling an attacker to read arbitrary filesystem files and render their contents as a PNG/JPEG image. Affected software is the entire vers...
Moderate: Red Hat Security Advisory: java-17-openjdk security update
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Taocms path traversal vulnerability
Taocms is a micro CMS content management system in China. Taocms v3.0.2 has an arbitrary file reading vulnerability that stems from the lack of filtering and restrictions on the software's path parameters; an attacker can use the vulnerability to read arbitrary files...
Arbitrary File Read Vulnerability in Flash Flood Monitoring and Early Warning Platform of Siltronic Ltd.
Siltronic Ltd. is an information service provider for disaster reduction and profitability in China. An arbitrary file read vulnerability exists in the Flash Flood Monitoring and Warning Platform of Sicron Technology Limited, which can be exploited by attackers to obtain sensitive information...
Arbitrary File Read Vulnerability in Flash Flood Monitoring and Early Warning Platform of Siltronic Ltd.
Siltronic Ltd. is an information service provider for disaster reduction and profitability in China. An arbitrary file read vulnerability exists in the flash flood monitoring and early warning platform of Sicron Technology Limited, which can be exploited by attackers to obtain sensitive informati...
Arbitrary File Read Vulnerability in the Flash Flood Monitoring and Early Warning Platform of Siltronic Technology Limited (CNVD-2022-10307)
Siltronic Ltd. is an information service provider for disaster reduction and profitability in China. An arbitrary file read vulnerability exists in the flash flood monitoring and early warning platform of Sicron Technology Limited, which can be exploited by attackers to obtain sensitive informati...
Arbitrary File Read Vulnerability in the Flash Flood Monitoring and Early Warning Platform of Siltronic Technology Limited (CNVD-2022-10309)
Siltronic Ltd. is an information service provider for disaster reduction and profitability in China. An arbitrary file read vulnerability exists in the flash flood monitoring and early warning platform of Sicron Technology Limited, which can be exploited by attackers to obtain sensitive informati...
Arbitrary File Read Vulnerability in the Flash Flood Monitoring and Early Warning Platform of Siltronic Technology Limited (CNVD-2022-10306)
Siltronic Ltd. is an information service provider for disaster reduction and profitability in China. An arbitrary file read vulnerability exists in the flash flood monitoring and early warning platform of Sicron Technology Limited, which can be exploited by attackers to obtain sensitive informati...
Arbitrary File Read Vulnerability in the Flash Flood Monitoring and Early Warning Platform of Siltronic Technology Limited (CNVD-2022-10308)
Siltronic Ltd. is an information service provider for disaster reduction and profitability in China. An arbitrary file read vulnerability exists in the flash flood monitoring and early warning platform of Sicron Technology Limited, which can be exploited by attackers to obtain sensitive informati...