3348 matches found

Prion
added 2018/09/24 11:29 p.m., 18 views

Design/Logic Flaw

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email. Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...

CVSS 2.1, AI score 5.5, EPSS 0.00374
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2018/09/18 12:0 a.m., 2 views

Arbitrary file reading vulnerability in Laoban CMS backend

Laoban CMS is an open-source site-building content management system developed by Laoban on a PHP + MySQL environment. There is an arbitrary file reading vulnerability in the backend of Laoban CMS. An attacker can exploit the vulnerability to read...

AI score 6.9
Exploits: 0

OSV
added 2018/09/17 9:55 p.m., 14 views

GHSA-6834-R92F-JJ42 Moderate severity vulnerability that affects actionview

Withdrawn, accidental duplicate publish. Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestrict...

CVSS 7.5, AI score 7.3, EPSS 0.95537
Exploits: 11, References: 2

CVE
added 2018/09/14 9:0 p.m., 98 views

CVE-2018-16288

Affected product: LG SuperSign EZ CMS 2.5. Vulnerability: Local File Inclusion (LFI) in signEzUI/playlist/edit/upload/..%2f URIs allows reading arbitrary files on the device. The Nuclei template and Open Source disclosures confirm this LFI condition, with paths such as signEzUI/playlist/edit/uplo...

CVSS 8.6, AI score 8.5, EPSS 0.35258
Exploits: 5, References: 2, Affected Software: 1

Exploit DB
added 2018/09/05 12:0 a.m., 38 views

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

Exploit Title: FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution Date: 2018-09-05 Exploit Author: vrsystem Vendor Homepage: https://www.fujixerox.com.cn/ Software Link: https://www.fujixerox.com.cn/ Version: DocuCentre-IV,DocuCentre-VI,DocuCentre-V,ApeosPort-VI,ApeosPort-V Tested on...

AI score 7.4
Exploits: 0

Prion
added 2018/08/30 2:29 p.m., 14 views

Authentication flaw

A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing...

CVSS 7.5, AI score 9.3, EPSS 0.02681
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2018/08/30 2:29 p.m., 12 views

CVE-2018-13821

A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing...

CVSS 9.8, AI score 9.5, EPSS 0.02681
Exploits: 0, References: 2

Cvelist
added 2018/08/30 2:0 p.m., 17 views

CVE-2018-13821

A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing...

AI score 9.4, EPSS 0.02681
Exploits: 0, References: 2

Exploit DB
added 2018/08/27 12:0 a.m., 60 views

Responsive FileManager < 9.13.4 - Directory Traversal

The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following request allows a user to read any file on the system. GET...

CVSS 7.5, AI score 6.4, EPSS 0.45242
Exploits: 6

UbuntuCve
added 2018/08/22 9:29 p.m., 21 views

CVE-2016-9605

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...

CVSS 6.1, AI score 6.6, EPSS 0.00799
Exploits: 0, References: 3

Prion
added 2018/08/22 9:29 p.m., 15 views

Input validation

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...

CVSS 4.3, AI score 7, EPSS 0.00799
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2018/08/22 9:29 p.m., 21 views

CVE-2016-9605

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...

CVSS 6.1, AI score 6.2, EPSS 0.00799
Exploits: 0, References: 1

CVE
added 2018/08/22 9:0 p.m., 55 views

CVE-2016-9605

CVE-2016-9605 affects cobbler version 2.6.11-1, where an invalid parameter validation vulnerability in Cobbler-Web allows arbitrary file reading when a vulnerable URL is accessed on a default install. The issue is described across multiple connected advisories (SUSE/OpenSUSE OSV entries, SUSE CVE...

CVSS 6.1, AI score 6.1, EPSS 0.00799
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2018/08/22 9:0 p.m., 32 views

CVE-2016-9605

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...

CVSS 6.1, AI score 6.2, EPSS 0.00799
Exploits: 0, References: 1

OSV
added 2018/08/13 8:48 p.m., 12 views

GHSA-2PWF-XWR3-HP55 Moderate severity vulnerability that affects actionview

Withdrawn, accidental duplicate publish. Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. dot dot in a...

CVSS 5.3, AI score 7.3, EPSS 0.04423
Exploits: 1, References: 2

Atlassian
added 2018/08/07 4:20 a.m., 66 views

The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233

The version of the bundled Atlassian Universal Plugin Manager plugin had an XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...

CVSS 6.5, AI score 3.7, EPSS 0.01818
Exploits: 0, Affected Software: 1

Atlassian
added 2018/08/07 4:20 a.m., 38 views

The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233

The version of the bundled Atlassian Universal Plugin Manager plugin had an XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...

CVSS 6.5, AI score 3.7, EPSS 0.01818
Exploits: 0, Affected Software: 1

Hacker One
added 2018/08/03 11:6 p.m., 18 views

Brave Software: Local files reading from the "file://" origin through `brave://`

Summary: Sadly, fix for 390013 works only for web. Loading brave:// from the file:// origin allows reading local files on the device. I said that fix could be insufficient 😈 file:// and brave:// both are local origins. That means it's possible to access brave:// from file:// and vice versa...

AI score 6.8
Exploits: 0

CNVD
added 2018/07/31 12:0 a.m., 1 view

ChamaNet MemoCGI Directory Traversal Vulnerability

ChamaNet MemoCGI is a notepad application. A directory traversal vulnerability exists in ChamaNet MemoCGI versions 2.1800 through 2.2200. A remote attacker can exploit this vulnerability to read arbitrary files...

CVSS 7.5, AI score 7.6, EPSS 0.0218
Exploits: 0, References: 1

CNVD
added 2018/07/23 12:0 a.m., 2 views

AppCMS backend template management system has arbitrary file reading vulnerability

APPCMS is a professional APP content management system that provides a variety of extension modules, such as information, recommended positions, topics, friendly links, body internal links and so on, to help webmasters better personalize their own websites. There is an arbitrary file reading...

AI score 6.8
Exploits: 0