3349 matches found

CNVD
added 2021/01/21 12:0 a.m. (3 views)

SIYUCMS backend has arbitrary file reading vulnerability

SIYUCMS is a content management system based on ThinkPHP + AdminLTE. An arbitrary file read vulnerability exists in the backend of SIYUCMS. Attackers can use the vulnerability to obtain sensitive information...

AI score: 6.8
Exploits: 0

CNVD
added 2021/01/18 12:0 a.m. (10 views)

WordPress Simple Board Job plugin path traversal vulnerability

WordPress Simple Board Job Plugin is a plugin from the WordPress Foundation that provides job posting and job board functionality for WordPress. A security vulnerability exists in WordPress Simple Board Job plugin 2.9.3 and earlier versions, which stems from a path traversal vulnerability ...

CVSS: 7.7, AI score: 6.9, EPSS: 0.30479
Exploits: 7, References: 1

AlpineLinux
added 2021/01/13 3:55 p.m. (48 views)

CVE-2021-21602

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...

CVSS: 6.5, AI score: 7.1, EPSS: 0.02226
Exploits: 0

CNVD
added 2021/01/06 12:0 a.m. (6 views)

MiniCMS Directory Traversal Vulnerability (CNVD-2021-02038)

MiniCMS is a micro content management system designed for personal websites. A directory traversal vulnerability exists in pageedit.php in MiniCMS V1.10. A remote attacker can exploit this vulnerability to read arbitrary files via the state parameter...

CVSS: 7.5, AI score: 6.9, EPSS: 0.01972
Exploits: 1, References: 1

GithubExploit
added 2021/01/05 2:41 p.m. (135 views)

Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software

CISCO CVE-2020-3452 Scanner & Exploiter It will scan the targ...

CVSS: 7.5, AI score: 7.9, EPSS: 0.99992
Exploits: 24

CNVD
added 2020/12/02 12:0 a.m. (3 views)

Arbitrary File Read Vulnerability in SeaCMS

SeaCMS is a content management system designed to meet the core needs of site owners, with one program that adapts to multiple entry points: computer, cell phone, tablet and app. SeaCMS has an arbitrary file reading vulnerability that can be exploited by attackers to obtain sensitive information...

AI score: 7
Exploits: 0

OSV
added 2020/11/23 8:15 p.m. (18 views)

CVE-2020-15246

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 v1.0.469 and...

CVSS: 7.5, AI score: 7.5
Exploits: 0, References: 2

Prion
added 2020/11/19 12:15 a.m. (20 views)

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: =8.8.9, =13.4, =13.5, 13.5.2...

CVSS: 6.4, AI score: 7.8, EPSS: 0.01764
Exploits: 0, References: 3, Affected Software: 1

UbuntuCve
added 2020/11/19 12:15 a.m. (23 views)

CVE-2020-13356

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: =8.8.9, =13.4, =13.5, 13.5.2...

CVSS: 8.2, AI score: 7, EPSS: 0.01764
Exploits: 0, References: 1

CNVD
added 2020/11/19 12:0 a.m. (2 views)

Shenzhen Yuanmeng Cloud Technology Co., Ltd. WeiPHP has file reading vulnerability

WeiPHP is an open source microsoft public platform development framework. Shenzhen Yuanmeng Yun Technology Co., Ltd WeiPHP has a file reading vulnerability, which can be exploited by attackers to obtain sensitive information...

AI score: 6.8
In wild, Exploits: 0

Cvelist
added 2020/11/18 11:35 p.m. (25 views)

CVE-2020-13356

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: =8.8.9, =13.4, =13.5, 13.5.2...

CVSS: 8.2, AI score: 8, EPSS: 0.01764
Exploits: 0, References: 3

CVE
added 2020/11/18 11:35 p.m. (75 views)

CVE-2020-13356

GitLab CE/EE versions affected: >=8.8.9, =13.4, =13.5,

CVSS: 8.2, AI score: 7.8, EPSS: 0.01764
Exploits: 0, References: 3, Affected Software: 1

Apple
added 2020/11/17 9:59 a.m. (119 views)

About the security content of iTunes 12.11 for Windows - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CVSS: 9.3, AI score: 1, EPSS: 0.03207
Exploits: 0, Affected Software: 1

NVD
added 2020/11/06 7:15 p.m. (35 views)

CVE-2020-27123

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an exposed IPC function. ...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00329
Exploits: 0, References: 1

CNVD
added 2020/11/06 12:0 a.m. (7 views)

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) XXE Vulnerability

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) is an appliance for securing communications from Trend Micro. An XXE vulnerability exists in the Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA). An attacker can exploit the vulnerability to read arbitrary local file...

CVSS: 4.9, AI score: 6.5, EPSS: 0.06392
Exploits: 2, References: 1

Hacker One
added 2020/11/03 1:2 a.m. (58 views)

Mail.ru: file read on MCS servers via supplying a QCOW2 image with external backing file

Local file read in mcs.mail.ru by providing QCOW2 disk image with backing image pointing to external file Mail.ru Cloud Solutions allows uploading custom images for disks. This functionality supported QCOW2 disk images. A QCOW2 disk image can have a so-called "backing image" - a file to read...

AI score: 0.3
Exploits: 0

CNVD
added 2020/10/30 12:0 a.m. (1 views)

XML Entity Injection Vulnerability in the JeewxBoot WeChat Butler Platform

JeewxBoot WeChat Butler Platform is a free JAVA WeChat Butler Platform that supports WeChat public number, small program, WeChat third-party platforms, sweepstakes and so on. JeewxBoot WeChat Butler Platform suffers from an XML entity injection vulnerability, which can be exploited by attackers t...

AI score: 7.4
Exploits: 0

NVD
added 2020/10/28 1:15 p.m. (18 views)

CVE-2020-8255

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...

CVSS: 4.9, AI score: 5, EPSS: 0.02264
Exploits: 0, References: 1

Cvelist
added 2020/10/28 12:46 p.m. (24 views)

CVE-2020-8255

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...

AI score: 5, EPSS: 0.02264
Exploits: 0, References: 1

CVE
added 2020/10/28 12:46 p.m. (73 views)

CVE-2020-8255

The CVE-2020-8255 entry applies to Pulse Connect Secure (PCS) admin web interface prior to 9.1R9. Reported issue: an authenticated attacker can read arbitrary files due to an input/URL handling flaw; fix implemented via encrypted URL blacklisting. Red Hat and other advisories corroborate the same...

CVSS: 4.9, AI score: 4.9, EPSS: 0.02264
Exploits: 0, References: 1, Affected Software: 1