Lucene search

3348 matches found

Vulnrichment
added 2020/01/21 8:30 p.m., 8 views

CVE-2019-18426

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message...

AI score 6, EPSS 0.67859
Exploits 5, References 2

CVE
added 2020/01/21 8:30 p.m., 1114 views

CVE-2019-18426

CVE-2019-18426 affects WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone prior to 2.20.10. The vulnerability is a cross-site scripting flaw that can lead to local file reading; exploitation requires the victim to click a link preview from a specially crafted text me...

CVSS 8.2, AI score 7.5, EPSS 0.67859
In wild, Exploits 5, References 3, Affected Software 1

Positive Technologies
added 2020/01/01 12:0 a.m., 9 views

PT-2020-07: Arbitrary file reading in Oracle WebLogic Server

A vulnerability in Oracle WebLogic Server allows remote attackers to read local files in the context of the web server using a service URL and a specially crafted request. To exploit the vulnerability an adversary should have an administrative account. Access to the administrative panel is not...

CVSS 4.9, AI score 4.9, EPSS 0.01451
Exploits 0

NVD
added 2019/12/23 7:15 p.m., 14 views

CVE-2019-3429

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information...

CVSS 5.3, AI score 5.1, EPSS 0.00862
Exploits 0, References 1

Prion
added 2019/12/23 7:15 p.m., 17 views

Authorization

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information...

CVSS 5, AI score 5.1, EPSS 0.00862
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/12/23 6:9 p.m., 18 views

CVE-2019-3429

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information...

AI score 5.1, EPSS 0.00862
Exploits 0, References 1

CVE
added 2019/12/23 6:9 p.m., 44 views

CVE-2019-3429

CVE-2019-3429 affects ZTE ZXCLOUD GoldenData VAP, with all versions prior to 4.01.01.02 vulnerable to a file-read vulnerability that allows an attacker to obtain log file information and disclose sensitive data. The linked sources consistently identify the affected product and version boundary (p...

CVSS 5.3, AI score 5, EPSS 0.00862
Exploits 0, References 1, Affected Software 1

Prion
added 2019/12/18 9:15 p.m., 13 views

Path traversal

A Path traversal exists in httpserver which allows an attacker to read arbitrary system files...

CVSS 5, AI score 7.4, EPSS 0.02509
Exploits 0, References 1, Affected Software 1

CNVD
added 2019/11/19 12:0 a.m., 3 views

SAS Institute SAS XML Mapper XML External Entity (XXE) Vulnerability

SAS Institute SAS XML Mapper is an XML mapper from the U.S. SAS Institute. The product automatically analyzes the structure of XML files and generates basic metadata. An XML External Entity (XXE) vulnerability exists in SAS Institute SAS XML Mapper version 9.45. The vulnerability stems from an...

CVSS 10, AI score 7, EPSS 0.02951
Exploits 1, References 1

NVD
added 2019/11/14 9:15 p.m., 11 views

CVE-2019-14678

SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...

CVSS 10, AI score 9.5, EPSS 0.02951
Exploits 1, References 2

Prion
added 2019/11/14 9:15 p.m., 18 views

Xxe

SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...

CVSS 7.5, AI score 9.3, EPSS 0.02951
Exploits 1, References 2, Affected Software 2

CVE
added 2019/11/14 8:59 p.m., 85 views

CVE-2019-14678

SAS XML Mapper 9.45 contains an XML External Entity (XXE) vulnerability in its XML parsing, also affecting the XMLV2 LIBNAME engine when AUTOMAP is used. The issue enables attackers to perform Local File Reading, Out Of Band File Exfiltration, Server-Side Request Forgery, and Potential Denial of ...

CVSS 10, AI score 9.3, EPSS 0.02951
Exploits 1, References 2, Affected Software 1

Cvelist
added 2019/11/14 8:59 p.m., 15 views

CVE-2019-14678

SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...

AI score 9.5, EPSS 0.02951
Exploits 1, References 2

CNVD
added 2019/11/11 12:0 a.m., 2 views

Valleylab FT10 and Valleylab FX8 Trust Management Issues Vulnerability

The Medtronic Valleylab FT10 and Valleylab FX8 are both power supply devices for the medical industry from Medtronic. The Valleylab FT10 and Valleylab FX8 have a trust management issue vulnerability that can be exploited by an attacker to read files on the devices...

CVSS 7.5, AI score 6.8, EPSS 0.01895
Exploits 0, References 1

NVD
added 2019/11/09 3:15 a.m., 32 views

CVE-2009-3614

liboping 1.3.2 allows users to read arbitrary files on the local system...

CVSS 3.3, AI score 4, EPSS 0.00347
Exploits 0, References 2

Prion
added 2019/10/29 7:15 p.m., 14 views

Design/Logic Flaw

An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read...

CVSS 5, AI score 7.4, EPSS 0.37336
Exploits 1, References 2, Affected Software 1

OSV
added 2019/10/13 7:15 p.m., 9 views

CVE-2019-17538

Jiangnan Online Judge aka jnoj 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring...

CVSS 7.5, AI score 7
Exploits 0, References 1

Prion
added 2019/10/13 7:15 p.m., 11 views

Directory traversal

Jiangnan Online Judge aka jnoj 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring...

CVSS 5, AI score 7.6, EPSS 0.11648
Exploits 1, References 1, Affected Software 1

Cvelist
added 2019/10/13 6:8 p.m., 20 views

CVE-2019-17538

Jiangnan Online Judge aka jnoj 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring...

AI score 7.6, EPSS 0.11648
Exploits 1, References 1

RedhatCVE
added 2019/10/04 9:57 p.m., 16 views

CVE-2008-1291

ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder...

CVSS 4.3, AI score 6.5, EPSS 0.0137
Exploits 0, References 3