CVE-2019-18426
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message...
CVE-2019-18426
CVE-2019-18426 affects WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone prior to 2.20.10. The vulnerability is a cross-site scripting flaw that can lead to local file reading; exploitation requires the victim to click a link preview from a specially crafted text me...
PT-2020-07: Arbitrary file reading in Oracle WebLogic Server
A vulnerability in Oracle WebLogic Server allows remote attackers to read local files in the context of the web server using a service URL and a specially crafted request. To exploit the vulnerability an adversary should have an administrative account. Access to the administrative panel is not...
CVE-2019-3429
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information...
Authorization
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information...
CVE-2019-3429
CVE-2019-3429 affects ZTE ZXCLOUD GoldenData VAP, with all versions prior to 4.01.01.02 vulnerable to a file-read vulnerability that allows an attacker to obtain log file information and disclose sensitive data. The linked sources consistently identify the affected product and version boundary (p...
Path traversal
A Path traversal exists in httpserver which allows an attacker to read arbitrary system files...
SAS Institute SAS XML Mapper XML External Entity (XXE) Vulnerability
SAS Institute SAS XML Mapper is an XML mapper from the U.S. SAS Institute. The product automatically analyzes the structure of XML files and generates basic metadata. An XML External Entity (XXE) vulnerability exists in SAS Institute SAS XML Mapper version 9.45. The vulnerability stems from an...
CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...
XXE
SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...
CVE-2019-14678
SAS XML Mapper 9.45 contains an XML External Entity (XXE) vulnerability in its XML parsing, also affecting the XMLV2 LIBNAME engine when AUTOMAP is used. The issue enables attackers to perform Local File Reading, Out Of Band File Exfiltration, Server-Side Request Forgery, and Potential Denial of ...
Valleylab FT10 and Valleylab FX8 Trust Management Issues Vulnerability
The Medtronic Valleylab FT10 and Valleylab FX8 are both power supply devices for the medical industry from Medtronic. The Valleylab FT10 and Valleylab FX8 have a trust management issue vulnerability that can be exploited by an attacker to read files on the devices...
CVE-2009-3614
liboping 1.3.2 allows users to read arbitrary files on the local system...
Design/Logic Flaw
An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read...
CVE-2019-17538
Jiangnan Online Judge aka jnoj 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring...
Directory traversal
Jiangnan Online Judge aka jnoj 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring...
CVE-2008-1291
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder...