Discuz! X3.4 suffers from an arbitrary file reading vulnerability
Discuz! is a general-purpose community forum software system. Discuz! X3.4 has an arbitrary file reading vulnerability that can be exploited by attackers to read file information...
CVE-2017-18436
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call SEC-239...
CVE-2019-10976
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file .frc2. Once a user opens the file, the attacker could read arbitrary files...
CVE-2019-1010268
CVE-2019-1010268: Ladon (since 0.6.1) is affected by an XML External Entity (XXE) vulnerability in SOAP request handlers. The attack vector is a specially crafted SOAP call, leading to information disclosure, including local file reads and access to internal network endpoints. Affected component...
XML External Entity (XXE)
Odata4j is vulnerable to XML External Entity because the library does not disable reading external entities in StaxXMLInputFactory2. A remote attacker could submit a request containing an external XML entity that, when resolved, allows that attacker to read files on the application server with us...
FreeBSD : python 3.6 -- multiple vulnerabilities (18ed9650-a1d6-11e9-9b17-fcaa147e860e)
Python changelog : bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and localfile:// URL schemes in URLopener.open and URLopener.retrieve of urllib.request. bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit. bpo-30458: Address CVE-2019-9740 by...
CVE-2019-13358
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format...
CVE-2018-14865
The CVE-2018-14865 case concerns Odoo, specifically the Report engine in Odoo Community versions 9.0–11.0 and earlier and Odoo Enterprise versions 9.0–11.0 and earlier. The vulnerability stems from the Report engine not using secure options when passing documents to wkhtmltopdf, which can allow a...
Odoo Permission and Access Control Vulnerability
Odoo is an open-source business system from the Belgian company Odoo. A permission and access-control vulnerability exists in the module-description renderer of Odoo Community and Enterprise 11.0 and earlier, which can be exploited by an attacker to read local files...
Uber: Arbitrary File Reading on Uber SSL VPN
The hacker found a series of 0-days related to Pulse Secure SSL VPN...
zzzphp V1.7.0 official version: arbitrary file reading vulnerability in the backend
zzzphp is a free open-source website builder. zzzphp v1.7.0 has an arbitrary file reading vulnerability that an attacker can exploit to read arbitrary files...
H8Mail v2.0 - Email OSINT And Password Breach Hunting
Powerful and user-friendly password finder. Use h8mail to find passwords through different breach and reconnaissance services, or using local breaches such as Troy Hunt's "Collection1" or the infamous "Breach Compilation" torrent. Features: email pattern matching (regexp), useful for reading from...
CVE-2019-18426
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message. Recent...
CVE-2019-9723
LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry...
CVE-2019-9892
An issue was discovered in Open Ticket Request System OTRS 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of...
CVE-2019-9892
CVE-2019-9892 affects Open Ticket Request System (OTRS) versions 5.x (up to 5.0.34), 6.x (up to 6.0.17), and 7.x (up to 7.0.6). An agent with appropriate permissions can import a specially crafted Report Statistics XML, triggering an XML External Entity (XXE) processing flaw that may cause the sy...
[SECURITY] [DLA 1798-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u6 CVE ID : CVE-2019-12086 Debian Bug : 929177 A Polymorphic Typing issue was discovered in jackson-databind, a JSON library for Java. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint...
CVE-2019-11510
In Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to exploit an arbitrary file reading vulnerability...