3348 matches found
CVE-2020-21524
There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function for importing other blogs in the background/api/admin/migrations/wordpress needs to parse the XML file, but no security defense is applied. This vulnerability can be used to detect the intranet, read files, enable DDoS attacks...
CVE-2020-21525
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...
Directory traversal
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...
Xxe
There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function for importing other blogs in the background/api/admin/migrations/wordpress needs to parse the XML file, but no security defense is applied. This vulnerability can be used to detect the intranet, read files, enable DDoS attacks...
CVE-2020-21525
CVE-2020-21525 affects Halo V1.1.3. The issue is an arbitrary file reading vulnerability caused by a directory traversal check on the input path that can be bypassed using the startsWith function. The connected documents confirm the same description across multiple sources, but do not provide con...
Ubuntu 20.04 LTS : kramdown vulnerability (USN-4562-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4562-1 advisory. It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary...
CVE-2020-8256
A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity XXE vulnerability...
CVE-2020-8256
CVE-2020-8256 is a vulnerability in the Pulse Connect Secure admin web interface prior to 9.1R8.2 that allows an authenticated attacker to read arbitrary files via XML External Entity (XXE) through Pulse Collaboration. The issue is confirmed across multiple sources (Red Hat advisory, Nessus plugi...
HPE Pay Path Traversal Vulnerability (CNVD-2021-18034)
HPE PPU service is a pay-per-use network service from Hewlett Packard Enterprise (HPE) in the United States. A path traversal vulnerability exists in HPE Pay prior to version 1.9 that originates in the doGet method of the ReceiverServlet class of PPU and UCS. An...
HPE Pay Path Traversal Vulnerability (CNVD-2021-18033)
HPE PPU service is a pay-per-use network service from Hewlett Packard Enterprise (HPE) in the United States. A path traversal vulnerability exists in HPE Pay prior to version 1.9 that originates in the execute method of the DownloadServlet class of PPU and UCS. An...
CVE-2020-25248
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter...
CVE-2020-25248
CVE-2020-25248 affects Hyland OnBase prior to certain incremental updates (as listed in the description). The issue is a directory traversal vulnerability that permits reading files via the FileName parameter, implying improper validation of file paths. The vulnerability type is a path traversal...
CVE-2018-17766
Ingenico Telium 2 POS Telium2 OS allows bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N...
Authorization
Ingenico Telium 2 POS Telium2 OS allows bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N...