Apache Druid LoadData has an arbitrary file reading vulnerability
A security vulnerability exists in Apache Druid, a column-oriented open source distributed database written in Java by the Apache Foundation. It stems from the fact that InputSource is used to read data from a data source in the Druid ingestion system. However, the HTTP InputSource allows an...
CVE-2021-40745 Adobe Campaign Path Traversal Leads to Information Exposure
Adobe Campaign version 21.2.1 and earlier is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server...
CVE-2021-43277
An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute...
CVE-2021-43275
A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute...
Cross site scripting
An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability t...
The vulnerability of the automated information system “Registration in OO” arises from the lack of measures taken to protect the structure of the web page, allowing attackers to read arbitrary files.
The vulnerability of the automated information system “Registration in OO” is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files by sending a specially crafted POST request...
Kingdee Cloud Star Management Center has an arbitrary file reading vulnerability
Kingdee Cloud Star Management Center is a new generation of strategic enterprise management software developed by Kingdee Software China Co. based on cloud computing, big data, social, artificial intelligence, Internet of Things and other cutting-edge technologies. There is an arbitrary file...
GHSA-6V6P-P97V-G2P7 Out-of-bounds Write in OpenCV
OpenCV Open Source Computer Vision Library through 3.3 corresponding to OpenCV-Python and OpenCV-Contrib-Python 3.3.0.9 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the...
GHSA-33H2-69J3-R336 Out-of-bounds Read in OpenCV
OpenCV Open Source Computer Vision Library through 3.3 corresponding to OpenCV-Python 3.3.0.9 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the...
Online Traffic Offense Management System 1.0 - Privilage escalation Vulnerability
Exploit Title: Online Traffic Offense Management System 1.0 - Privilage escalation Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...
CVE-2021-3856
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allow reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...
PortlandLabs Concrete CMS Path Traversal Vulnerability (CNVD-2021-76081)
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs of the United States. A path traversal vulnerability exists in PortlandLabs Concrete CMS, which stems from the product's failure to securely handle user input data. The vulnerability can be exploited...
CVE-2021-40103
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF...
Path traversal
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF...
CVE-2021-40103
Concrete CMS (affected: up to version 8.5.5) is vulnerable to a path traversal issue that can lead to arbitrary file reading and SSRF. The CVE entry CVE-2021-40103 documents this vulnerability with impact stated as partial confidentiality exposure and potential SSRF, but explicit exploit details ...
Directory Traversal
jms-core is vulnerable to directory traversal. Lack of secure handling of paths allows an attacker to traverse into the WEB-INF folder and read files...