3349 matches found
SIYUCMS backend has arbitrary file reading vulnerability
SIYUCMS is a content management system based on ThinkPHP + AdminLTE. An arbitrary file read vulnerability exists in the backend of SIYUCMS. Attackers can use the vulnerability to obtain sensitive information...
WordPress Simple Board Job plugin path traversal vulnerability
WordPress Simple Board Job Plugin is a plugin from the WordPress Foundation that provides job board posting functionality for WordPress. A security vulnerability exists in WordPress Simple Board Job plugin 2.9.3 and earlier versions, which stems from a path traversal vulnerability ...
CVE-2021-21602
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...
MiniCMS Directory Traversal Vulnerability (CNVD-2021-02038)
MiniCMS is a micro content management system designed for personal websites. A directory traversal vulnerability exists in pageedit.php in MiniCMS V1.10. A remote attacker can exploit this vulnerability to read arbitrary files via the state parameter...
Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software
CISCO CVE-2020-3452 Scanner & Exploiter It will scan the targ...
Arbitrary File Read Vulnerability in SeaCMS
SeaCMS is a content management system designed to meet the core needs of site owners, with a single program that adapts to computer, cell phone, tablet and app entry points. SeaCMS has an arbitrary file reading vulnerability that can be exploited by attackers to obtain sensitive information...
CVE-2020-15246
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 v1.0.469 and...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: =8.8.9, =13.4, =13.5, 13.5.2...
CVE-2020-13356
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: =8.8.9, =13.4, =13.5, 13.5.2...
Shenzhen Yuanmeng Cloud Technology Co., Ltd. WeiPHP has file reading vulnerability
WeiPHP is an open source microsoft public platform development framework. WeiPHP, from Shenzhen Yuanmeng Cloud Technology Co., Ltd., has a file reading vulnerability that attackers can exploit to obtain sensitive information...
CVE-2020-13356
GitLab CE/EE versions affected: >=8.8.9, =13.4, =13.5,
About the security content of iTunes 12.11 for Windows - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
CVE-2020-27123
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an exposed IPC function. ...
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) XXE Vulnerability
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) is an appliance for securing communications from Trend Micro. An XXE vulnerability exists in the Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA). An attacker can exploit the vulnerability to read arbitrary local file...
Mail.ru: file read on MCS servers via supplying a QCOW2 image with external backing file
Local file read in mcs.mail.ru by providing QCOW2 disk image with backing image pointing to external file. Mail.ru Cloud Solutions allows uploading custom images for disks. This functionality supported QCOW2 disk images. A QCOW2 disk image can have a so-called "backing image" - a file to read...
XML Entity Injection Vulnerability in the JeewxBoot WeChat Butler Platform
JeewxBoot WeChat Butler Platform is a free Java WeChat butler platform that supports WeChat official accounts, mini programs, WeChat third-party platforms, sweepstakes and so on. JeewxBoot WeChat Butler Platform suffers from an XML entity injection vulnerability, which can be exploited by attackers t...
CVE-2020-8255
A vulnerability in the Pulse Connect Secure admin web interface prior to 9.1R9 could allow an authenticated attacker to perform an arbitrary file read. The vulnerability is fixed using encrypted URL blacklisting that prevents these messages...
CVE-2020-8255
The CVE-2020-8255 entry applies to Pulse Connect Secure (PCS) admin web interface prior to 9.1R9. Reported issue: an authenticated attacker can read arbitrary files due to an input/URL handling flaw; fix implemented via encrypted URL blacklisting. Red Hat and other advisories corroborate the same...