3348 matches found

CNVD
added 2019/09/23 12:0 a.m., 2 views

Arbitrary file reading vulnerability in the backend of the Rice Shell enterprise website system

The Rice Shell enterprise site-building system is a new enterprise website and content management system tailor-made for enterprises, webmasters, developers, network companies, VI planning and design companies, SEO promotion and marketing companies, website beginners and other users, services fo...

AI score 6.7
Exploits: 0
0day.today
added 2019/09/23 12:0 a.m., 51 views

Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure Exploit

!/usr/bin/perl -w Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure Copyright 2019 c Todor Donev Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure ============================================================= Exploit Author: Todor Donev 2019 Disclaimer: This or previous...

AI score 7.4
Exploits: 0
EUVD
added 2019/09/20 7:26 p.m., 4 views

EUVD-2015-9246

Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php...

CVSS 7.5, AI score 7.8, EPSS 0.55008
Exploits: 1, References: 2
Hacker One
added 2019/09/18 9:34 a.m., 114 views

Semmle: Worker container escape lead to arbitrary file reading in host machine [again]

Summary: After a successful build, LGTM allow user to view the file list. By default, only source code files and build config files are reserved lgtm.yml and .lgtm.yml. If there are both files in folder, LGTM will process lgtm.yml file and skip .lgtm.yml, but it still keeps both of files in...

Exploits: 0
Hacker One
added 2019/09/17 7:31 a.m., 33 views

U.S. Dept Of Defense: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███)

The Pulse Secure SSL VPN was found to be vulnerable to multiple issues, including pre-authentication arbitrary file reading CVE-2019-11510 and post-authentication command injection CVE-2019-11539. These vulnerabilities were discovered and disclosed by security researcher Orange Tsai. The...

CVSS 10, AI score 9.2, EPSS 0.99999
Exploits: 38
Hacker One
added 2019/09/14 10:51 p.m., 401 views

U.S. Dept Of Defense: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████

Description Hello. Some time ago, researcher Orange Tsai from DEVCORE team had a talk on Defcon/BlackHat regarding Pulse Secure SSL VPN vulnerabilities fixed on 2019/4/25: CVE-2019-11510 - Pre-auth Arbitrary File Reading CVE-2019-11542 - Post-auth Stack Buffer Overflow CVE-2019-11539 - Post-auth...

CVSS 7.5, AI score 0.6, EPSS 0.99999
Exploits: 38
OSV
added 2019/08/23 6:15 p.m., 2 views

CVE-2019-11654

Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier. The vulnerability allows remote unauthenticated attackers to read arbitrary files...

CVSS 7.5, AI score 5.9, EPSS 0.0257
Exploits: 0, References: 1
Prion
added 2019/08/22 8:15 p.m., 13 views

Code injection

The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in...

CVSS 5, AI score 7.2, EPSS 0.01332
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2019/08/22 7:39 p.m., 24 views

CVE-2016-10929

The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in...

AI score 5.5, EPSS 0.01332
Exploits: 0, References: 1
OSV
added 2019/08/22 7:15 p.m., 3 views

CVE-2019-15330

The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading...

CVSS 7.5, AI score 7.2, EPSS 0.01779
Exploits: 0, References: 1
NVD
added 2019/08/22 7:15 p.m., 16 views

CVE-2019-15330

The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading...

CVSS 7.5, AI score 7.7, EPSS 0.01779
Exploits: 0, References: 1
Prion
added 2019/08/22 7:15 p.m., 14 views

Design/Logic Flaw

The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading...

CVSS 5, AI score 7.7, EPSS 0.01779
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2019/08/22 6:59 p.m., 75 views

CVE-2019-15330

The CVE concerns the WordPress plugin WebP Express (before version 0.14.11). It has insufficient protection against arbitrary file reading, enabling potential information disclosure. Affected component: webp-express plugin for WordPress; vulnerability arises from inadequate access controls around...

CVSS 7.5, AI score 7.6, EPSS 0.01779
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2019/08/22 6:59 p.m., 22 views

CVE-2019-15330

The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading...

AI score 7.7, EPSS 0.01779
Exploits: 0, References: 1
GithubExploit
added 2019/08/22 8:18 a.m., 108 views

Exploit for Path Traversal in Ivanti Connect_Secure

CVE-2019-11510-poc Pulse Secure SSL VPN pre-auth file reading...

CVSS 10, AI score 9.4, EPSS 0.99999
Exploits: 22
NVD
added 2019/08/21 8:15 p.m., 18 views

CVE-2019-11603

A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root...

CVSS 7.5, AI score 7.5, EPSS 0.0242
Exploits: 0, References: 1
Cvelist
added 2019/08/21 7:29 p.m., 15 views

CVE-2019-11603 Path traversal in ProSyst mBS SDK and Bosch IoT Gateway Software

A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root...

CVSS 7.5, AI score 7.5, EPSS 0.0242
Exploits: 0, References: 1
Hacker One
added 2019/08/21 1:3 p.m., 338 views

U.S. Dept Of Defense: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███

Description Hello. Some time ago, researcher Orange Tsai from DEVCORE team had a talk on Defcon/BlackHat regarding Pulse Secure SSL VPN vulnerabilities fixed on 2019/4/25: CVE-2019-11510 - Pre-auth Arbitrary File Reading CVE-2019-11542 - Post-auth Stack Buffer Overflow CVE-2019-11539 - Post-auth...

CVSS 7.5, AI score 0.6, EPSS 0.99999
Exploits: 38
OSV
added 2019/08/15 6:15 p.m., 3 views

UBUNTU-CVE-2018-14672

In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages...

CVSS 5.3, AI score 6.1, EPSS 0.01741
Exploits: 0, References: 3
CVE
added 2019/08/15 5:54 p.m., 97 views

CVE-2018-14672

CVE-2018-14672 affects ClickHouse prior to 18.12.13. The issue is in functions for loading CatBoost models, allowing path traversal and reading arbitrary files via error messages. Affected versions are prior to 18.12.13; the root cause is improper handling in those loading functions. Red Hat, Ubu...

CVSS 5.3, AI score 5.4, EPSS 0.01741
Exploits: 0, References: 1, Affected Software: 1