3348 matches found
Design/Logic Flaw
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email. Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...
Arbitrary file reading vulnerability in Laoban CMS backend
Laoban CMS (short for Laoban CMS content management system) is an open-source website-building system developed by Laoban for the PHP + MySQL environment. There is an arbitrary file reading vulnerability in the Laoban CMS backend. An attacker can exploit the vulnerability to read...
GHSA-6834-R92F-JJ42 Moderate severity vulnerability that affects actionview
Withdrawn, accidental duplicate publish. Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestrict...
CVE-2018-16288
Affected product: LG SuperSign EZ CMS 2.5. Vulnerability: Local File Inclusion (LFI) in signEzUI/playlist/edit/upload/..%2f URIs allows reading arbitrary files on the device. The Nuclei template and Open Source disclosures confirm this LFI condition, with paths such as signEzUI/playlist/edit/uplo...
FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution
Exploit Title: FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution Date: 2018-09-05 Exploit Author: vrsystem Vendor Homepage: https://www.fujixerox.com.cn/ Software Link: https://www.fujixerox.com.cn/ Version: DocuCentre-IV,DocuCentre-VI,DocuCentre-V,ApeosPort-VI,ApeosPort-V Tested on...
Authentication flaw
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing...
CVE-2018-13821
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing...
Responsive FileManager < 9.13.4 - Directory Traversal
The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following request allows a user to read any file on the system. GET...
CVE-2016-9605
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...
Input validation
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...
CVE-2016-9605
CVE-2016-9605 affects cobbler version 2.6.11-1, where an invalid parameter validation vulnerability in Cobbler-Web allows arbitrary file reading when a vulnerable URL is accessed on a default install. The issue is described across multiple connected advisories (SUSE/OpenSUSE OSV entries, SUSE CVE...
GHSA-2PWF-XWR3-HP55 Moderate severity vulnerability that affects actionview
Withdrawn, accidental duplicate publish. Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. dot dot in a...
The bundled Atlassian Universal Plugin Manager plugin had an XXE issue - CVE-2018-20233
The version of the bundled Atlassian Universal Plugin Manager plugin had an XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...
Brave Software: Local files reading from the "file://" origin through `brave://`
Summary: Sadly, fix for 390013 works only for web. Loading brave:// from the file:// origin allows reading local files on the device. I said that fix could be insufficient 😈 file:// and brave:// both are local origins. That means it's possible to access brave:// from file:// and vice versa...
ChamaNet MemoCGI Directory Traversal Vulnerability
ChamaNet MemoCGI is a notepad application. A directory traversal vulnerability exists in ChamaNet MemoCGI versions 2.1800 through 2.2200. A remote attacker can exploit this vulnerability to read arbitrary files...
AppCMS backend template management system has arbitrary file reading vulnerability
APPCMS is a professional APP content management system that provides a variety of extension modules, such as information, recommended positions, topics, friendly links, body internal links and so on, to help webmasters better personalize their own websites. There is an arbitrary file reading...