3349 matches found
CVE-2021-40323
A flaw was found in cobbler. This flaw lies in the generatescript RPC method, which accepts unsanitized parameters. This flaw allows an attacker to read arbitrary files on the system as root. Further, the attacker could gain arbitrary code execution using template injection against the default...
CVE-2019-9060
CMS Made Simple 2.2.8 is affected by CVE-2019-9060 via the CGExtensions module (action.setdefaulttemplate.php) using m1_filename for unauthenticated path traversal and through action.showmessage.php with m1_prefname cg_errormsg and m1_resettodefault=1 to read arbitrary files. Impact: partial conf...
CVE-2021-39109
Atlasboard (Atlassian Atlasboard) prior to version 1.1.9 is vulnerable to a path traversal in the renderWidgetResource resource, allowing remote attackers to read arbitrary files. The underlying issue is improper filtering of path elements, enabling access outside restricted directories. Affected ...
An out-of-bounds read vulnerability in the file reading and writing software of the Adobe DNG Software Development Kit allows an attacker to disclose protected information.
The file reading and writing software of the Adobe DNG Software Development Kit can read beyond buffer boundaries. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
CVE-2020-25351
CVE-2020-25351 affects the open-source config management tool rConfig prior to version 3.9.6. A flaw in the file path /lib/crud/configcompare.crud.php could allow remote authenticated attackers to read arbitrary files, constituting an information-disclosure vulnerability. The fixed version is 3.9...
CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...
Adobe Photoshop Multiple Vulnerabilities (APSB21-63) - Mac OS X
The host is missing an important security update according to the Adobe August update. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Siemens JT2Go < 13.2.0.1 Multiple Vulnerabilities (SSA-365397)
The version of Siemens JT2Go installed on the remote Windows host is prior to 13.2.0.1. It is, therefore, affected by multiple vulnerabilities, including the following: - An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK resulting from the lack of prope...
CVE-2015-2073
The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682...
Arbitrary File Read Vulnerability in ECShop of Shanghai Shangpai Network Technology Co., Ltd.
ECShop is a B2C independent online store system developed on the PHP language and the MySQL database framework, suitable for enterprises and individuals to quickly build a personalized online store. Shanghai Shangpai Network Technology Co., Ltd. ECShop has an arbitrary file read vulnerability, which can be exploited by attackers to obtain...
CVE-2021-32018
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory traversal...
Directory traversal
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory traversal...
CVE-2021-32018
CVE-2021-32018 affects JUMP AMS 3.6.0.04.009-2487 and is due to an improper limitation of file loading on the server filesystem in the JUMP SOAP API, enabling arbitrary file reads (directory traversal). Public records list CVSS metrics: CVSSv3.1 base 6.5 (Network, Low complexity, Privileges Low, ...
Fortinet FortiPortal Path Traversal Vulnerability
Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A path traversal vulnerability exists in Fortinet FortiPortal, which is caused by an inp...
CVE-2021-37445
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading...
CVE-2021-37446
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading...
Directory traversal
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading...