
3348 matches found

OSV
added 2020/09/30 6:15 p.m., 3 views

CVE-2020-21524

There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function of importing other blogs in the background/api/admin/migrations/wordpress needs to parse the xml file, but it is not used for security defense. This vulnerability can detect the intranet, read files, enable ddos attacks...

CVSS 9.1, AI score 7.3, EPSS 0.0151
Exploits: 1, References: 1
NVD
added 2020/09/30 6:15 p.m., 12 views

CVE-2020-21524

There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function of importing other blogs in the background/api/admin/migrations/wordpress needs to parse the xml file, but it is not used for security defense. This vulnerability can detect the intranet, read files, enable ddos attacks...

CVSS 9.1, EPSS 0.0151
Exploits: 1, References: 1
NVD
added 2020/09/30 6:15 p.m., 19 views

CVE-2020-21525

Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...

CVSS 7.5, EPSS 0.01917
Exploits: 1, References: 1
Prion
added 2020/09/30 6:15 p.m., 13 views

Directory traversal

Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...

CVSS 5, AI score 7.5, EPSS 0.01917
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2020/09/30 6:15 p.m., 18 views

Xxe

There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function of importing other blogs in the background/api/admin/migrations/wordpress needs to parse the xml file, but it is not used for security defense. This vulnerability can detect the intranet, read files, enable ddos attacks...

CVSS 6.4, AI score 8.9, EPSS 0.0151
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2020/09/30 2:38 p.m., 44 views

CVE-2020-21525

CVE-2020-21525 affects Halo V1.1.3. The issue is an arbitrary file reading vulnerability caused by a directory traversal check on the input path that can be bypassed using the startsWith function. The connected documents confirm the same description across multiple sources, but do not provide con...

CVSS 7.5, AI score 7.5, EPSS 0.01917
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2020/09/30 2:38 p.m., 22 views

CVE-2020-21525

Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...

AI score 7.5, EPSS 0.01917
Exploits: 1, References: 1
Cvelist
added 2020/09/30 2:34 p.m., 11 views

CVE-2020-21524

There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function of importing other blogs in the background/api/admin/migrations/wordpress needs to parse the xml file, but it is not used for security defense. This vulnerability can detect the intranet, read files, enable ddos attacks...

AI score 9.1, EPSS 0.0151
Exploits: 1, References: 1
Tenable Nessus
added 2020/09/30 12:0 a.m., 32 views

Ubuntu 20.04 LTS : kramdown vulnerability (USN-4562-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4562-1 advisory. It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary...

CVSS 9.8, AI score 8.6, EPSS 0.0456
Exploits: 0, References: 2
Vulnrichment
added 2020/09/29 1:41 p.m., 15 views

CVE-2020-8256

A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity XXE vulnerability...

AI score 6.9, EPSS 0.03356
Exploits: 1, References: 2
Cvelist
added 2020/09/29 1:41 p.m., 29 views

CVE-2020-8256

A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity XXE vulnerability...

AI score 5.2, EPSS 0.03356
Exploits: 1, References: 2
CVE
added 2020/09/29 1:41 p.m., 79 views

CVE-2020-8256

CVE-2020-8256 is a vulnerability in the Pulse Connect Secure admin web interface prior to 9.1R8.2 that allows an authenticated attacker to read arbitrary files via XML External Entity (XXE) through Pulse Collaboration. The issue is confirmed across multiple sources (Red Hat advisory, Nessus plugi...

CVSS 4.9, AI score 5.2, EPSS 0.03356
Exploits: 1, References: 2, Affected Software: 2
CNVD
added 2020/09/25 12:0 a.m., 5 views

HPE Pay Path Traversal Vulnerability (CNVD-2021-18034)

Hewlett Packard Enterprise, HPE HPE PPU service is a pay-per-use network service from Hewlett Packard Enterprise HPE in the United States. A path traversal vulnerability exists in HPE Pay prior to version 1.9 that originates in the doGet method of the ReceiverServlet class of PPU and UCS. An...

CVSS 7.5, AI score 6.7, EPSS 0.01588
Exploits: 0
CNVD
added 2020/09/25 12:0 a.m., 8 views

HPE Pay Path Traversal Vulnerability (CNVD-2021-18033)

Hewlett Packard Enterprise, HPE HPE PPU service is a pay-per-use network service from Hewlett Packard Enterprise HPE in the United States. A path traversal vulnerability exists in HPE Pay prior to version 1.9 that originates in the execute method of the DownloadServlet class of PPU and UCS. An...

CVSS 7.5, AI score 6.9, EPSS 0.01588
Exploits: 0, References: 1
NVD
added 2020/09/11 3:15 a.m., 15 views

CVE-2020-25248

An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter...

CVSS 7.5, EPSS 0.02099
Exploits: 0, References: 3
CVE
added 2020/09/11 2:20 a.m., 58 views

CVE-2020-25248

CVE-2020-25248 affects Hyland OnBase prior to certain incremental updates (as listed in the description). The issue is a directory traversal vulnerability that permits reading files via the FileName parameter, implying improper validation of file paths. The vulnerability type is a path traversal...

CVSS 7.5, AI score 7.5, EPSS 0.02099
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2020/09/11 2:20 a.m., 17 views

CVE-2020-25248

An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter...

AI score 7.6, EPSS 0.02099
Exploits: 0, References: 3
OSV
added 2020/09/09 7:15 p.m., 4 views

CVE-2018-17766

Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N...

CVSS 4.6, AI score 5.8
Exploits: 0, References: 4
NVD
added 2020/09/09 7:15 p.m., 17 views

CVE-2018-17766

Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N...

CVSS 4.6, EPSS 0.00527
Exploits: 1, References: 4
Prion
added 2020/09/09 7:15 p.m., 16 views

Authorization

Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N...

CVSS 2.1, AI score 4.7, EPSS 0.00527
Exploits: 1, References: 4, Affected Software: 1