
3349 matches found

CNVD
added 2021/11/19 12:0 a.m. | 27 views

Apache Druid LoadData has an arbitrary file reading vulnerability

A security vulnerability exists in Apache Druid, a column-oriented open source distributed database written in Java by the Apache Foundation, which stems from the fact that InputSource is used to read data from a data source in the Druid ingestion system. However, the HTTP InputSource allows an...

CVSS 6.5 | AI score 1.7 | EPSS 0.81038
Exploits 3 | References 1
Vulnrichment
added 2021/11/17 3:44 p.m. | 7 views

CVE-2021-40745 Adobe Campaign Path Traversal Leads to Information Exposure

Adobe Campaign version 21.2.1 and earlier is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server...

CVSS 7.5 | AI score 7.2 | EPSS 0.03604
Exploits 0 | References 1
OSV
added 2021/11/14 9:15 p.m. | 3 views

CVE-2021-43277

An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute...

CVSS 7.8 | AI score 5.6 | EPSS 0.00814
Exploits 0 | References 1
OSV
added 2021/11/14 9:15 p.m. | 2 views

CVE-2021-43275

A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute...

CVSS 7.8 | AI score 6 | EPSS 0.00855
Exploits 0 | References 1
Prion
added 2021/11/14 9:15 p.m. | 14 views

Cross site scripting

An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability t...

CVSS 4.3 | AI score 4 | EPSS 0.01405
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2021/11/14 8:50 p.m. | 19 views

CVE-2021-43275

A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute...

AI score 7.9 | EPSS 0.00855
Exploits 0 | References 1
BDU FSTEC
added 2021/11/11 12:0 a.m. | 4 views

The vulnerability of the automated information system “Registration in OO” arises from the lack of measures taken to protect the structure of the web page, allowing attackers to read arbitrary files.

The vulnerability of the automated information system “Registration in OO” is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files by sending a specially crafted POST request...

CVSS 8.6 | AI score 5.6
Exploits 0 | Affected Software 1
CNVD
added 2021/10/25 12:0 a.m. | 23 views

Kingdee Cloud Star Management Center has an arbitrary file reading vulnerability

Kingdee Cloud Star Management Center is a new generation of strategic enterprise management software developed by Kingdee Software China Co. based on cloud computing, big data, social, artificial intelligence, Internet of Things and other cutting-edge technologies. There is an arbitrary file...

AI score 2.9
Exploits 0
OSV
added 2021/10/12 10:1 p.m. | 27 views

GHSA-6V6P-P97V-G2P7 Out-of-bounds Write in OpenCV

OpenCV Open Source Computer Vision Library through 3.3 corresponding to OpenCV-Python and OpenCV-Contrib-Python 3.3.0.9 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the...

CVSS 8.8 | AI score 8.5 | EPSS 0.0197
Exploits 0 | References 8
OSV
added 2021/10/12 10:0 p.m. | 25 views

GHSA-33H2-69J3-R336 Out-of-bounds Read in OpenCV

OpenCV Open Source Computer Vision Library through 3.3 corresponding to OpenCV-Python 3.3.0.9 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the...

CVSS 8.8 | AI score 8.4 | EPSS 0.0197
Exploits 0 | References 10
0day.today
added 2021/10/08 12:0 a.m. | 240 views

Online Traffic Offense Management System 1.0 - Privilage escalation Vulnerability

Exploit Title: Online Traffic Offense Management System 1.0 - Privilage escalation Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...

AI score 7.4
Exploits 0
RedhatCVE
added 2021/10/04 2:39 p.m. | 63 views

CVE-2021-3856

ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...

CVSS 4.3 | AI score 1 | EPSS 0.00897
Exploits 0 | References 3
CNVD
added 2021/09/29 12:0 a.m. | 14 views

PortlandLabs Concrete CMS Path Traversal Vulnerability (CNVD-2021-76081)

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs of the United States. A path traversal vulnerability exists in PortlandLabs Concrete CMS, which stems from the product's failure to securely handle user input data. The vulnerability can be exploited...

CVSS 6.4 | AI score 6.7 | EPSS 0.00521
Exploits 0 | References 1
NVD
added 2021/09/27 12:15 p.m. | 16 views

CVE-2021-40103

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF...

CVSS 7.5 | EPSS 0.01436
Exploits 0 | References 2
OSV
added 2021/09/27 12:15 p.m. | 4 views

CVE-2021-40103

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF...

CVSS 7.5 | AI score 6.9
Exploits 0 | References 2
ATTACKERKB
added 2021/09/27 12:15 p.m. | 3 views

CVE-2021-40103

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF...

CVSS 7.5 | AI score 7.1 | EPSS 0.01436
Exploits 0 | References 3
Prion
added 2021/09/27 12:15 p.m. | 14 views

Path traversal

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF...

CVSS 5 | AI score 7.5 | EPSS 0.01436
Exploits 0 | References 2 | Affected Software 1
CVE
added 2021/09/27 11:10 a.m. | 43 views

CVE-2021-40103

Concrete CMS (affected: up to version 8.5.5) is vulnerable to a path traversal issue that can lead to arbitrary file reading and SSRF. The CVE entry CVE-2021-40103 documents this vulnerability with impact stated as partial confidentiality exposure and potential SSRF, but explicit exploit details ...

CVSS 7.5 | AI score 7.9 | EPSS 0.01436
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/09/27 11:10 a.m. | 16 views

CVE-2021-40103

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF...

AI score 8.2 | EPSS 0.01436
Exploits 0 | References 2
Veracode
added 2021/09/24 2:16 a.m. | 19 views

Directory Traversal

jms-core is vulnerable to directory traversal. Lack of secure handling of paths allows an attacker to traverse into the WEB-INF folder and read files...

CVSS 7.5 | AI score 4.1 | EPSS 0.52926
Exploits 6 | References 8 | Affected Software 1