3348 matches found
Continued Exploitation of Pulse Secure VPN Vulnerability
Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix an arbitrary file reading vulnerability, known as CVE-2019-11510, can become compromised in an attack. 1 Although Pulse Secur...
CVE-2019-12814
A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files. Mitigation This vulnerability relies on jdom...
CVE-2020-11527
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files...
Ocean CMS has an arbitrary file reading vulnerability
Ocean CMS is a site-building system based on a PHP+MySQL architecture and supports cross-platform operation. Ocean CMS has an arbitrary file reading vulnerability; attackers can use the vulnerability to obtain sensitive information...
OPENSUSE-SU-2020:0429-1 Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues: - CVE-2019-12921: Fixed an issue where text filename components could potentially have allowed reading of arbitrary files via TranslateTextEx boo1167208. - CVE-2020-10938: Fixed an integer overflow and resultant heap-based buffer overflow...
[SECURITY] [DLA 2152-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u9 CVE ID : CVE-2019-12921 A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that allows an attacker to read arbitrary files via a crafted image because of TranslateTextEx for SVG. For Debian 8 "Jessie"...
CVE-2019-12921
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG...
CVE-2019-20191
Oxygen XML Editor 21.1.1 allows XXE to read any file...
CVE-2019-17636
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes an HTTP endpoint that allows reading the content of files on the host's filesystem, given...
Arbitrary file reading vulnerability in XunYou cms
Hengshui Xunchi Internet Information Service Co., Ltd. is an Internet-based IT company that provides domain name registration, marketing website construction, SEO optimization, Alibaba hosting, comprehensive promotion and other comprehensive e-commerce consulting and solutions; the compan...
CVE-2019-12183
Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API...
Wireshark 3.2.x < 3.2.2 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.2.2 advisory. - In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak...
CVE-2014-4659
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format...
XML Entity Injection Vulnerability in YouDianCMS
YouDianCMS is an enterprise website management system developed by Changsha YouDian Software Technology Co. YouDianCMS suffers from an XML entity injection vulnerability. An attacker can exploit the vulnerability to read arbitrary files, execute system commands, and probe intranet ports...
Security Bulletin: IBM FileNet Content Manager and Case Foundation security vulnerability in Administration Console for Content Platform Engine (ACCE)
Summary IBM FileNet Content Manager and Case Foundation have multiple security vulnerabilities in Administration Console for Content Platform Engine ACCE. Vulnerability Details CVEID: CVE-2019-4642 DESCRIPTION: IBM FileNet Content Manager allows web pages to be stored locally which can be read by...
PT-2020-1704
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 7.0.0 through 7.0.99 Apache Tomcat versions 8.5.0 through 8.5.50 Apache Tomcat versions 9.0.0.M1 through 9.0.0.30 Description The issue is related to the Apache JServ Protocol AJP connector in Apache Tomcat, which can...
WordPress WP Database Backup File Read Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WP Database Backup is a data backup plugin used in it. A security vulnerability exists in WordPress WP Database Backup 5.5 and earlier...
CVE-2019-18426
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message...
Cross site scripting
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message...