CVE-2022-22701
PartKeepr vulnerability (CVE-2022-22701) affects PartKeepr up to v1.4.0 and is triggered when loading attachments by URL, enabling the use of the file:// URI scheme. An authenticated user can read local files due to how attachments are loaded during part creation. Impact is read access to local f...
TerraMaster TOS 4.2.x session forgery, arbitrary file reading, remote command execution, and other vulnerabilities
TerraMaster is a globally recognized professional storage brand that focuses on providing professional private cloud storage devices for users around the world. The session forgery, arbitrary file reading, and remote command execution vulnerabilities in TerraMaster TOS 4.2.x can be exploited to...
CVE-2021-44674
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read files outside of the restricted directory...
PYSEC-2022-43065
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment...
Mozilla Rust messagepack-rs crate file reading vulnerability (CNVD-2022-04510)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. The Rust messagepack-rs crate has a security vulnerability in versions prior to 2021-01-26, which can be exploited by attackers through deserialize_binary to read data from an uninitialized memory location...
Mozilla Rust rdiff crate file reading vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. The Rust rdiff crate has a security vulnerability in versions prior to 2021-02-03, which can be exploited to read data from uninitialized memory locations...
Mozilla Rust messagepack-rs crate file reading vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. The Rust messagepack-rs crate has a security vulnerability in versions prior to 2021-01-26, which could be exploited by attackers to read data from uninitialized memory locations...
Design/Logic Flaw
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10...
CVE-2021-45494
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10...
Vim buffer error vulnerability
Vim is a UNIX-based editor. Vim suffers from a buffer overflow vulnerability, which stems from the fact that Vim is vulnerable to out-of-bounds read attacks, which can be exploited by attackers to read files out of bounds...
Garrett Metal Detectors iC Module CMA CLI readfile stack-based buffer overflow vulnerabilities
Summary: Two stack-based buffer overflow vulnerabilities exist in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. Convincing the system to call readfile on a specially-crafted file can lead to stack-based buffer overflows. An attacke...
Grafana Unauthorized Arbitrary File Reading Vulnerability
Grafana is a data visualization web application platform. The Grafana unauthorized arbitrary file reading vulnerability can be exploited by attackers to obtain sensitive information...
CVE-2021-37086
Technical details for CVE-2021-37086 are not publicly available in the provided documents; monitor for updates from vendors and security advisories.
PT-2021-5603 · Unknown · Crafter Cms
Name of the Vulnerable Software and Affected Versions: Crafter CMS versions affected versions not specified Description: The issue allows unauthenticated remote attackers to read textual content via FreeMarker, including files in /scripts/, /templates/, and some non-binary files in /.git/. This i...
RUSTSEC-2021-0126 RustEmbed generated `get` method allows for directory traversal when reading files from disk
When running in debug mode and the debug-embed feature (off by default) is not enabled, the generated get method does not check that the input path is a child of the folder given. This allows attackers to read arbitrary files in the file system if they have control over the filename given. The...
UBUNTU-CVE-2021-21707
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the...
CVE-2021-21707 Special characters break path parsing in XML functions
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the...
CVE-2021-21707
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the...
Arbitrary File Read Vulnerability in Cyber-Sign's NetSign Digital Signature System
Ltd. is the earliest professional vendor engaged in the research, development and application of PKI technology in China. There is an arbitrary file reading vulnerability in the NetSign digital signature system, which can be exploited by an attacker to read server files...
Arbitrary file reading vulnerability in Aim
Impact: A path traversal attack aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and...