3349 matches found

NVD
added 2019/05/08 5:29 p.m. | 22 views

CVE-2019-11510

In Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability...

CVSS 10 | AI score 9.7 | EPSS 0.99999
Exploits: 22 | References: 12

Cvelist
added 2019/05/08 4:18 p.m. | 25 views

CVE-2019-11510

In Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability...

CVSS 9.9 | AI score 9.7 | EPSS 0.99999
Exploits: 22 | References: 11

Vulnrichment
added 2019/05/08 4:18 p.m. | 9 views

CVE-2019-11510

In Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability...

CVSS 9.9 | AI score 9.8 | EPSS 0.99999
Exploits: 22 | References: 11

CVE
added 2019/05/08 4:18 p.m. | 2495 views

CVE-2019-11510

CVE-2019-11510 affects Pulse Secure Pulse Connect Secure (PCS). An unauthenticated remote attacker can exploit a crafted URI to perform an arbitrary file read on PCS appliances. Impact is described as reading arbitrary files from the device, which can facilitate further intrusion steps. Affected ...

CVSS 10 | AI score 9.6 | EPSS 0.99999
In wild | Exploits: 22 | References: 12 | Affected Software: 1

ATTACKERKB
added 2019/05/08 12:0 a.m. | 124 views

CVE-2019-11510

In Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability. Recent assessments: dmelcher5151 at April 15, 2020 4:11pm UTC reported...

CVSS 10 | AI score 1.7 | EPSS 0.99999
In wild | Exploits: 22 | References: 17

Tenable Nessus
added 2019/05/06 12:0 a.m. | 24 views

Debian DLA-1774-1 : otrs2 security update

A flaw was discovered in OTRS, the Open Ticket Request System. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files of OTRS filesystem. For Debian 8 'Jessie', this...

CVSS 6.5 | AI score 5.7 | EPSS 0.01097
Exploits: 0 | References: 3

Debian
added 2019/05/03 11:42 a.m. | 68 views

[SECURITY] [DLA 1774-1] otrs2 security update

Package : otrs2 Version : 3.3.18-1+deb8u9 CVE ID : CVE-2019-9892 A flaw was discovered in OTRS, the Open Ticket Request System. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading o...

CVSS 6.5 | AI score 6.7 | EPSS 0.01097
Exploits: 0

Packet Storm
added 2019/04/24 12:0 a.m. | 1927 views

Sony Smart TV Information Disclosure / File Read

UNCLASSIFIED ADVISORY INFORMATION TITLE: Multiple vulnerabilities in Sony Smart TVs ADVISORY URL: https://www.darkmatter.ae/blogs/security-flaws-uncovered-in-sony-smart-tvs/ DATE PUBLISHED: 23/04/2019 AFFECTED VENDORS: Sony RELEASE MODE: Coordinated release CVE: CVE-2019-10886, CVE-2019-11336...

CVSS 4.3 | AI score 6.9 | EPSS 0.03206
Exploits: 4

CVE
added 2019/04/23 1:34 p.m. | 52 views

CVE-2018-17169

PrinterOn products suffer an XXE vulnerability (CVE-2018-17169) in versions 4.1.4 and earlier. A crafted XML DTD can be processed by the service, allowing remote authenticated users to read arbitrary files or perform server-side request forgery (SSRF). The publicly available sources confirm the f...

CVSS 7.7 | AI score 7.1 | EPSS 0.01543
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2019/04/18 6:29 p.m. | 18 views

Xxe

An XML external entity XXE vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration .ZIP file within the Kofax/KFS/Admin/PackageService/package/uploa...

CVSS 4 | AI score 6.2 | EPSS 0.01543
Exploits: 1 | References: 1 | Affected Software: 1

myhack58
added 2019/04/06 12:0 a.m. | 235 views

Confluence Server Remote Code Execution Vulnerability-vulnerability warning-the black bar safety net

Atlassian company for Confluence Server and Data Center products used in the widgetconnecter Assemblyversion Network Vine CRS/ARS products have full support for the vulnerability detection and verification, Network Vine users can log in directly at www.riskivy.com for verification. ! A, scope of impact Product Confluence Server...

AI score 1.3
Exploits: 0

Positive Technologies
added 2019/03/22 12:0 a.m. | 2 views

PT-2019-3001

Name of the Vulnerable Software and Affected Versions Pulse Secure Pulse Connect Secure PCS versions 8.2 through 8.2R12.1 Pulse Secure Pulse Connect Secure PCS versions 8.3 through 8.3R7.1 Pulse Secure Pulse Connect Secure PCS versions 9.0 through 9.0R3.4 Description The issue is related to error...

CVSS 10 | AI score 9.8 | EPSS 0.99999
Exploits: 22 | References: 69

CVE
added 2019/03/14 1:0 a.m. | 43 views

CVE-2019-9761

CVE-2019-9761 is an XXE vulnerability in PHPSHE 1.7. The issue arises from the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php, allowing an unauthenticated attacker to read arbitrary files or scan internal networks. CVSS details (NVD) indicate network attack vector, high imp...

CVSS 7.5 | AI score 7.4 | EPSS 0.01713
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/03/06 10:0 p.m. | 24 views

CVE-2019-1588 Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability

A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure ACI mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms o...

CVSS 4.4 | AI score 4.6 | EPSS 0.00343
Exploits: 0 | References: 2

AlpineLinux
added 2019/01/26 5:0 p.m. | 272 views

CVE-2019-6799

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP...

CVSS 5.9 | AI score 5.9 | EPSS 0.15586
Exploits: 0

Kitploit
added 2019/01/11 9:12 p.m. | 937 views

H8Mail - Email OSINT And Password Breach Hunting

Email OSINT and password finder. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for all those raw HTML files Small and fast Alpine Dockerfile available CLI or Bulk...

AI score 7.4
Exploits: 0 | References: 2

Prion
added 2018/12/26 3:29 a.m. | 15 views

Code injection

An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value...

CVSS 5 | AI score 7.5 | EPSS 0.01208
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2018/12/26 3:29 a.m. | 20 views

CVE-2018-20478

An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value...

CVSS 7.5 | AI score 7.6 | EPSS 0.01208
Exploits: 1 | References: 1

Cvelist
added 2018/12/26 3:0 a.m. | 25 views

CVE-2018-20478

An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value...

AI score 7.6 | EPSS 0.01208
Exploits: 1 | References: 1

CVE
added 2018/12/26 3:0 a.m. | 50 views

CVE-2018-20478

S-CMS 1.0 contains a file-read vulnerability exploited via the admin/download.php DownName parameter. By passing a mixed-case extension (e.g., DownName=download.Php), an attacker can read files such as PHP source code. The issue is documented in CVE-2018-20478 and reflected in multiple feeds (NVD...

CVSS 7.5 | AI score 7.5 | EPSS 0.01208
Exploits: 1 | References: 1 | Affected Software: 1