3348 matches found

CNVD
added 2019/08/07 12:0 a.m. | 3 views

Discuz! X3.4 suffers from an arbitrary file reading vulnerability

Discuz! is a general-purpose community forum software system. Discuz! X3.4 has an arbitrary file reading vulnerability that can be exploited by attackers to read file information...

AI score: 6.9
Exploits: 0
NVD
added 2019/08/02 5:15 p.m. | 12 views

CVE-2017-18436

cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call SEC-239...

CVSS: 3.5 | AI score: 3.9 | EPSS: 0.00382
Exploits: 0 | References: 2
OSV
added 2019/07/26 12:15 a.m. | 5 views

CVE-2019-10976

Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file .frc2. Once a user opens the file, the attacker could read arbitrary files...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.01019
Exploits: 0 | References: 1
CVE
added 2019/07/18 4:5 p.m. | 97 views

CVE-2019-1010268

CVE-2019-1010268 : Ladon (since 0.6.1) is affected by an XML External Entity (XXE) vulnerability in SOAP request handlers. The attack vector is a specially crafted SOAP call, leading to information disclosure, including local file reads and access to internal network endpoints. Affected component...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.05711
Exploits: 1 | References: 2 | Affected Software: 1
Veracode
added 2019/07/11 3:5 a.m. | 23 views

XML External Entity (XXE)

Odata4j is vulnerable to XML External Entity because the library does not disable reading external entities in StaxXMLInputFactory2. A remote attacker could submit a request containing an external XML entity that, when resolved, allows that attacker to read files on the application server with us...

CVSS: 5 | AI score: 6 | EPSS: 0.0211
Exploits: 1 | References: 5 | Affected Software: 2
Tenable Nessus
added 2019/07/09 12:0 a.m. | 70 views

FreeBSD : python 3.6 -- multiple vulnerabilities (18ed9650-a1d6-11e9-9b17-fcaa147e860e)

Python changelog : bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and localfile:// URL schemes in URLopener.open and URLopener.retrieve of urllib.request. bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit. bpo-30458: Address CVE-2019-9740 by...

CVSS: 9.1 | AI score: 6.9 | EPSS: 0.11844
Exploits: 2 | References: 4
OSV
added 2019/07/05 9:15 p.m. | 12 views

CVE-2019-13358

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format...

CVSS: 7.5 | AI score: 6.7
Exploits: 0 | References: 4
CVE
added 2019/07/03 6:40 p.m. | 231 views

CVE-2018-14865

The CVE-2018-14865 case concerns Odoo, specifically the Report engine in Odoo Community versions 9.0–11.0 and earlier and Odoo Enterprise versions 9.0–11.0 and earlier. The vulnerability stems from the Report engine not using secure options when passing documents to wkhtmltopdf, which can allow a...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.01533
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2019/07/02 12:0 a.m. | 4 views

Odoo Permission License and Access Control Issues Vulnerability

Odoo is an open source commercial system from the Belgian company Odoo. A privilege-permission and access-control issue vulnerability exists in the module-description renderer in Odoo 11.0 and earlier versions Community and Enterprise, which can be exploited by an attacker to read local files...

CVSS: 4.9 | AI score: 6.5 | EPSS: 0.01252
Exploits: 0 | References: 1
Hacker One
added 2019/06/17 6:51 p.m. | 90 views

Uber: Arbitrary File Reading on Uber SSL VPN

The hacker has found a series of 0-days related to Pulse Secure SSL VPN...

CVSS: 7.5 | AI score: 1.2 | EPSS: 0.99999
Exploits: 38
CNVD
added 2019/06/12 12:0 a.m. | 2 views

zzzphp V1.7.0 official version has an arbitrary file reading vulnerability in the backend

zzzphp is a free, open source website builder. zzzphp v1.7.0 has an arbitrary file reading vulnerability that an attacker can exploit to read arbitrary files...

AI score: 6.9
Exploits: 0
Kitploit
added 2019/06/06 12:26 p.m. | 2221 views

H8Mail v2.0 - Email OSINT And Password Breach Hunting

Powerful and user-friendly password finder. Use h8mail to find passwords through different breach and reconnaissance services, or using local breaches such as Troy Hunt's "Collection1" or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for reading from...

AI score: 7.3
Exploits: 0 | References: 10
ATTACKERKB
added 2019/06/05 12:0 a.m. | 30 views

CVE-2019-18426

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message. Recent...

CVSS: 8.2 | AI score: 3.5 | EPSS: 0.67859
In wild | Exploits: 5 | References: 3
OSV
added 2019/05/30 6:29 p.m. | 3 views

CVE-2019-9723

LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry...

CVSS: 7.1 | AI score: 7.2 | EPSS: 0.01309
Exploits: 1 | References: 1
OSV
added 2019/05/22 12:29 a.m. | 20 views

CVE-2019-9892

An issue was discovered in Open Ticket Request System OTRS 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of...

CVSS: 6.5 | AI score: 6.7
Exploits: 0 | References: 5
NVD
added 2019/05/22 12:29 a.m. | 16 views

CVE-2019-9892

An issue was discovered in Open Ticket Request System OTRS 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.01097
Exploits: 0 | References: 5
Cvelist
added 2019/05/21 11:17 p.m. | 21 views

CVE-2019-9892

An issue was discovered in Open Ticket Request System OTRS 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of...

AI score: 6.8 | EPSS: 0.01097
Exploits: 0 | References: 5
CVE
added 2019/05/21 11:17 p.m. | 153 views

CVE-2019-9892

CVE-2019-9892 affects Open Ticket Request System (OTRS) versions 5.x (up to 5.0.34), 6.x (up to 6.0.17), and 7.x (up to 7.0.6). An agent with appropriate permissions can import a specially crafted Report Statistics XML, triggering an XML External Entity (XXE) processing flaw that may cause the sy...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01097
Exploits: 0 | References: 5 | Affected Software: 1
Debian
added 2019/05/21 12:59 p.m. | 136 views

[SECURITY] [DLA 1798-1] jackson-databind security update

Package : jackson-databind Version : 2.4.2-2+deb8u6 CVE ID : CVE-2019-12086 Debian Bug : 929177 A Polymorphic Typing issue was discovered in jackson-databind, a JSON library for Java. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint...

CVSS: 7.5 | AI score: 8.5 | EPSS: 0.21949
Exploits: 2
NVD
added 2019/05/08 5:29 p.m. | 21 views

CVE-2019-11510

In Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability...

CVSS: 10 | AI score: 9.7 | EPSS: 0.99999
Exploits: 22 | References: 12