Arbitrary File Read Vulnerability in Flash Flood Monitoring and Early Warning System of Chengdu Wanjiang Gangli Technology Co.
Founded in 2007, Chengdu Wanjiang Gangli Technology Co., Ltd. is positioned as a full chain service provider of water technology under the framework of artificial intelligence. There is an arbitrary file read vulnerability in the flash flood monitoring and warning system of Chengdu Wanjiang Gangl...
YzmCMS Server-Side Request Forgery Vulnerability
YzmCMS is a lightweight open source content management system based on PHP+MySQL architecture developed by Yuan Zhimeng alone. YzmCMS version 5.8 has a server-side request forgery vulnerability in the back-end collection management; an attacker can use the vulnerability to read any file...
YzmCMS Code Issue Vulnerability
YzmCMS is a lightweight open source content management system based on PHP+MySQL architecture developed by Yuan Zhimeng alone. YzmCMS version 5.8 has a server-side request forgery vulnerability in the back-end collection management; an attacker can use the vulnerability to read any file...
CVE-2021-33184
Synology Download Station (task management component) is affected by CVE-2021-33184. The vulnerability is a Server-Side Request Forgery (SSRF) that can be exploited by remote authenticated users to read arbitrary files via unspecified vectors. Affected versions are before 3.8.15-3563. The connect...
OFCMS v1.1.4 backend arbitrary file reading vulnerability
OFCMS is a content management system developed based on Java technology. OFCMS v1.1.4 has arbitrary file reading vulnerabilities in the backend; the vulnerability stems from the program failing to properly validate user data, and remote attackers can use the vulnerability to read the...
Microhome Software Technology (Hangzhou) Co., Ltd. website builder system suffers from an arbitrary file read vulnerability
Microsoft Technology Hangzhou Co., Ltd. is a professional ECM Collaboration Management Software and BPM Business Process Management Software R & D and solution provider. There is an arbitrary file reading vulnerability in the website building system of Microhome Software Technology Hangzhou Co. A...
Plone server-side request forgery vulnerability (CNVD-2021-37196)
Plone is an open source content management system CMS built on the Zope application server. A server-side request forgery vulnerability exists in Plone 5.2.4 and earlier versions. An authenticated remote attacker can exploit this vulnerability to read a line in a file...
Station Master CMS has arbitrary file reading vulnerability
Station Helpers CMS is a CMS open source system dedicated to creating a full-featured ... Station Helpers CMS has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...
Chamilo XML External Entity Injection Vulnerability
Chamilo is a learning management system focused on ease of use and accessibility. Chamilo version 1.11.14 suffers from an XML external entity injection vulnerability. The vulnerability stems from reading XML data without disabling the ability to load external entities in admin/userimport.php, whi...
Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2021-34733)
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. An out-of-bounds read vulnerability exists in Adobe After Effects 18.1 and...
Debian DLA-2658-1 : redmine security update
Several issues were found in Redmine, a project management web application, which could lead to cross-site scripting, information disclosure, and reading arbitrary files from the server. For Debian 9 stretch, these problems have been fixed in version 3.3.1-4+deb9u4. We recommend that you upgrade...
Chamilo Information Disclosure Vulnerability
Chamilo is a learning management system focused on ease of use and accessibility. Chamilo version 1.11.14 suffers from an XML external entity injection vulnerability. The vulnerability stems from reading XML data without disabling the ability to load external entities in admin/userimport.php, whi...
CVE-2021-32093
CVE-2021-32093 affects NSA Emissary 5.9.0. The issue resides in the ConfigFileAction component, where an authenticated user can read arbitrary files via the ConfigName parameter, resulting in information disclosure. The connected documents corroborate the vulnerability description across multiple...
CVE-2020-36332
A flaw was found in libwebp. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability...
CVE-2021-31784
An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack Crash, Exit, or Restar...
About the security content of Security Update 2021-002 Catalina
This document describes the security content of Security Update 2021-002 Catalina. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has...
XML Entity Injection Vulnerability in Oracle WebLogic Server
Oracle WebLogic Server is an Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...
Arbitrary file reading vulnerability exists in Saida Technology's CloudVision video conferencing terminal
Anhui Saida Technology Co., Ltd. focuses on intelligent cloud video industry, based on the network of communication carriers, using a new generation of information technology to create a "cloud video application engine", focusing on big data application platforms, intelligent terminal product...
CVE-2021-20023
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host...