3349 matches found
CVE-2019-11510
In Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability...
CVE-2019-11510
CVE-2019-11510 affects Pulse Secure Pulse Connect Secure (PCS). An unauthenticated remote attacker can exploit a crafted URI to perform an arbitrary file read on PCS appliances. Impact is described as reading arbitrary files from the device, which can facilitate further intrusion steps. Affected ...
CVE-2019-11510
In Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability. Recent assessments: dmelcher5151 at April 15, 2020 4:11pm UTC reported...
Debian DLA-1774-1 : otrs2 security update
A flaw was discovered in OTRS, the Open Ticket Request System. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files of OTRS filesystem. For Debian 8 'Jessie', this...
[SECURITY] [DLA 1774-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1+deb8u9 CVE ID : CVE-2019-9892 A flaw was discovered in OTRS, the Open Ticket Request System. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading o...
Sony Smart TV Information Disclosure / File Read
UNCLASSIFIED ADVISORY INFORMATION TITLE: Multiple vulnerabilities in Sony Smart TVs ADVISORY URL: https://www.darkmatter.ae/blogs/security-flaws-uncovered-in-sony-smart-tvs/ DATE PUBLISHED: 23/04/2019 AFFECTED VENDORS: Sony RELEASE MODE: Coordinated release CVE: CVE-2019-10886, CVE-2019-11336...
CVE-2018-17169
PrinterOn products suffer an XXE vulnerability (CVE-2018-17169) in versions 4.1.4 and earlier. A crafted XML DTD can be processed by the service, allowing remote authenticated users to read arbitrary files or perform server-side request forgery (SSRF). The publicly available sources confirm the f...
Xxe
An XML external entity XXE vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration .ZIP file within the Kofax/KFS/Admin/PackageService/package/uploa...
Confluence Server Remote Code Execution Vulnerability-vulnerability warning-the black bar safety net
Atlassian company for Confluence Server and Data Center products used in the widgetconnecter Assemblyversion Network Vine CRS/ARS products have full support for the vulnerability detection and verification, Network Vine users can log in directly at www.riskivy.com for verification. ! A, scope of impact Product Confluence Server...
PT-2019-3001
Name of the Vulnerable Software and Affected Versions Pulse Secure Pulse Connect Secure PCS versions 8.2 through 8.2R12.1 Pulse Secure Pulse Connect Secure PCS versions 8.3 through 8.3R7.1 Pulse Secure Pulse Connect Secure PCS versions 9.0 through 9.0R3.4 Description The issue is related to error...
CVE-2019-9761
CVE-2019-9761 is an XXE vulnerability in PHPSHE 1.7. The issue arises from the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php, allowing an unauthenticated attacker to read arbitrary files or scan internal networks. CVSS details (NVD) indicate network attack vector, high imp...
CVE-2019-1588 Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability
A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure ACI mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms o...
CVE-2019-6799
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP...
H8Mail - Email OSINT And Password Breach Hunting
Email OSINT and password finder. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for all those raw HTML files Small and fast Alpine Dockerfile available CLI or Bulk...
Code injection
An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value...
CVE-2018-20478
An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value...
CVE-2018-20478
S-CMS 1.0 contains a file-read vulnerability exploited via the admin/download.php DownName parameter. By passing a mixed-case extension (e.g., DownName=download.Php), an attacker can read files such as PHP source code. The issue is documented in CVE-2018-20478 and reflected in multiple feeds (NVD...