Lucene search

3349 matches found

RedhatCVE
added 2021/09/22 2:52 p.m. | 29 views

CVE-2021-40323

A flaw was found in cobbler. This flaw lies in the generatescript RPC method, which accepts unsanitized parameters. This flaw allows an attacker to read arbitrary files on the system as root. Further, the attacker could gain arbitrary code execution using template injection against the default...

9.8 CVSS | 2.7 AI score | 0.88482 EPSS
Exploits 0 | References 3

CVE
added 2021/09/17 3:47 p.m. | 59 views

CVE-2019-9060

CMS Made Simple 2.2.8 is affected by CVE-2019-9060 via the CGExtensions module (action.setdefaulttemplate.php) using m1_filename for unauthenticated path traversal and through action.showmessage.php with m1_prefname cg_errormsg and m1_resettodefault=1 to read arbitrary files. Impact: partial conf...

7.5 CVSS | 7.7 AI score | 0.01465 EPSS
Exploits 0 | References 4 | Affected Software 1

CVE
added 2021/09/01 5:20 a.m. | 59 views

CVE-2021-39109

Atlasboard (Atlassian Atlasboard) prior to version 1.1.9 is vulnerable to a path traversal in the renderWidgetResource resource, allowing remote attackers to read arbitrary files. The underlying issue is improper filtering of path elements, enabling access outside restricted directories. Affected ...

7.5 CVSS | 7.4 AI score | 0.01669 EPSS
Exploits 0 | References 1 | Affected Software 1

BDU FSTEC
added 2021/09/01 12:0 a.m. | 30 views

The vulnerability of the Adobe DNG Software Development Kit’s file reading and writing software lies in its ability to read data beyond the buffer boundaries, allowing an attacker to disclose protected information.

The vulnerability of the Adobe DNG Software Development Kit’s file reading and writing software relates to reading beyond the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

7.5 CVSS | 7.4 AI score | 0.03474 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2021/08/20 6:10 p.m. | 43 views

CVE-2020-25351

CVE-2020-25351 affects the open-source config management tool rConfig prior to version 3.9.6. A flaw in the file path /lib/crud/configcompare.crud.php could allow remote authenticated attackers to read arbitrary files, constituting an information-disclosure vulnerability. The fixed version is 3.9...

6.5 CVSS | 6 AI score | 0.01122 EPSS
Exploits 1 | References 1 | Affected Software 1

NVD
added 2021/08/16 1:15 a.m. | 30 views

CVE-2021-26086

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...

5.3 CVSS | 0.99999 EPSS
Exploits 6 | References 3

Cvelist
added 2021/08/16 12:15 a.m. | 30 views

CVE-2021-26086

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...

5.8 AI score | 0.99999 EPSS
Exploits 6 | References 2

OpenVAS
added 2021/08/12 12:0 a.m. | 24 views

Adobe Photoshop Multiple Vulnerabilities (APSB21-63) - Mac OS X

The host is missing an important security update according to Adobe August update. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.3 CVSS | 5.7 AI score | 0.05033 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2021/08/12 12:0 a.m. | 48 views

Siemens JT2Go < 13.2.0.1 Multiple Vulnerabilities (SSA-365397)

The version of Siemens JT2Go installed on the remote Windows hosts is prior to 13.2.0.1. It is, therefore, affected by multiple vulnerabilities, including the following: - An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK resulting from the lack of prope...

7.8 CVSS | 7.2 AI score | 0.02775 EPSS
Exploits 0 | References 8

ATTACKERKB
added 2021/08/09 7:15 p.m. | 2 views

CVE-2015-2073

The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682...

7.5 CVSS | 5.8 AI score | 0.03959 EPSS
Exploits 1 | References 5

CNVD
added 2021/08/06 12:0 a.m. | 6 views

Arbitrary File Read Vulnerability in ECShop of Shanghai Shangpai Network Technology Co., Ltd.

ECShop is a B2C independent online store system developed based on PHP language and MySQL database framework, suitable for enterprises and individuals to quickly build a personalized online store. ECShop has an arbitrary file read vulnerability, which can be exploited by attackers to obtain...

7.1 AI score
Exploits 0

NVD
added 2021/08/03 6:15 p.m. | 21 views

CVE-2021-32018

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory traversal...

8.5 CVSS | 0.01181 EPSS
Exploits 0 | References 2

OSV
added 2021/08/03 6:15 p.m. | 3 views

CVE-2021-32018

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory traversal...

6.5 CVSS | 6.7 AI score | 0.01181 EPSS
Exploits 0 | References 2

Prion
added 2021/08/03 6:15 p.m. | 11 views

Directory traversal

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory traversal...

4 CVSS | 6.5 AI score | 0.01181 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2021/08/03 5:57 p.m. | 45 views

CVE-2021-32018

CVE-2021-32018 affects Jump AMS 3.6.0.04.009-2487 and is due to an improper limitation of file loading on the server filesystem in the JUMP SOAP API, enabling arbitrary file reads (directory traversal). Public records list CVSS metrics: CVSSv3.1 base 6.5 (Network, Low complexity, Privileges Low, ...

8.5 CVSS | 6.5 AI score | 0.01181 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2021/08/03 5:57 p.m. | 24 views

CVE-2021-32018

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory traversal...

8.5 CVSS | 8.6 AI score | 0.01181 EPSS
Exploits 0 | References 2

CNNVD
added 2021/08/03 12:0 a.m. | 4 views

Fortinet FortiPortal Path Traversal Vulnerability

Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A path traversal vulnerability exists in Fortinet FortiPortal, which is caused by an inp...

6.5 CVSS | 6.7 AI score | 0.011 EPSS
Exploits 0 | References 3

NVD
added 2021/07/25 10:15 p.m. | 16 views

CVE-2021-37445

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading...

6.5 CVSS | 0.01431 EPSS
Exploits 1 | References 2

NVD
added 2021/07/25 10:15 p.m. | 10 views

CVE-2021-37446

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading...

4.3 CVSS | 0.01155 EPSS
Exploits 1 | References 2

Prion
added 2021/07/25 10:15 p.m. | 13 views

Directory traversal

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading...

4 CVSS | 4.7 AI score | 0.01155 EPSS
Exploits 1 | References 2 | Affected Software 1