3348 matches found
Rice Shell enterprise website system backend exists arbitrary file reading vulnerability
Rice Shell enterprise station building system is a tailor-made for enterprises, webmasters, developers, network companies, VI planning and design companies, SEO promotion and marketing companies, website beginners and other users of a new enterprise station, content management system, services fo...
Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure Exploit
!/usr/bin/perl -w Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure Copyright 2019 c Todor Donev Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure ============================================================= Exploit Author: Todor Donev 2019 Disclaimer: This or previous...
EUVD-2015-9246
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php...
Semmle: Worker container escape lead to arbitrary file reading in host machine [again]
Summary: After a successful build, LGTM allows the user to view the file list. By default, only source code files and build config files are reserved (lgtm.yml and .lgtm.yml). If there are both files in the folder, LGTM will process the lgtm.yml file and skip .lgtm.yml, but it still keeps both of the files in...
U.S. Dept Of Defense: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███)
The Pulse Secure SSL VPN was found to be vulnerable to multiple issues, including pre-authentication arbitrary file reading (CVE-2019-11510) and post-authentication command injection (CVE-2019-11539). These vulnerabilities were discovered and disclosed by security researcher Orange Tsai. The...
U.S. Dept Of Defense: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████
Description Hello. Some time ago, researcher Orange Tsai from DEVCORE team had a talk on Defcon/BlackHat regarding Pulse Secure SSL VPN vulnerabilities fixed on 2019/4/25: CVE-2019-11510 - Pre-auth Arbitrary File Reading CVE-2019-11542 - Post-auth Stack Buffer Overflow CVE-2019-11539 - Post-auth...
CVE-2019-11654
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier. The vulnerability allows remote unauthenticated attackers to read arbitrary files...
Code injection
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in...
CVE-2016-10929
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in...
CVE-2019-15330
The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading...
Design/Logic Flaw
The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading...
CVE-2019-15330
The CVE concerns the WordPress plugin WebP Express (before version 0.14.11). It has insufficient protection against arbitrary file reading, enabling potential information disclosure. Affected component: webp-express plugin for WordPress; vulnerability arises from inadequate access controls around...
Exploit for Path Traversal in Ivanti Connect_Secure
CVE-2019-11510-poc Pulse Secure SSL VPN pre-auth file reading...
CVE-2019-11603
A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root...
CVE-2019-11603 Path traversal in ProSyst mBS SDK and Bosch IoT Gateway Software
A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root...
U.S. Dept Of Defense: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███
Description Hello. Some time ago, researcher Orange Tsai from DEVCORE team had a talk on Defcon/BlackHat regarding Pulse Secure SSL VPN vulnerabilities fixed on 2019/4/25: CVE-2019-11510 - Pre-auth Arbitrary File Reading CVE-2019-11542 - Post-auth Stack Buffer Overflow CVE-2019-11539 - Post-auth...
UBUNTU-CVE-2018-14672
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages...
CVE-2018-14672
CVE-2018-14672 affects ClickHouse prior to 18.12.13. The issue is in functions for loading CatBoost models, allowing path traversal and reading arbitrary files via error messages. Affected versions are prior to 18.12.13; the root cause is improper handling in those loading functions. Red Hat, Ubu...