Apache Solr XXE Vulnerability (SOLR-11971) - Linux

Apache Solr is prone to a XXE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:solr"; if description...

CVE-2018-9851

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...

MGASA-2018-0188 Updated squirrelmail packages fix CVE-2018-8741

Updated squirrelmail packages fix security vulnerabilities: Filenames of attachment files are not sanitized, so attackers could read arbitrary files. CVE-2018-8741...

The vulnerability of the Zabbix universal monitoring system arises from incorrect restrictions on XML links to external objects, allowing a perpetrator to execute arbitrary code or read arbitrary files.

The vulnerability of the Zabbix universal monitoring system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or read arbitrary files using a specially crafted XML request...

CVE-2018-1000124

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in importmetadata.php (line 154) via simplexml_load_string, enabling an attacker to read local files and perform SSRF. Exploitation is described as possible by posting XML in the form_import_textare...

Directory Traversal

node-srv is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of sanitization when handling file paths, allowing the ../ payload to be interpreted and reading files out of the server's scope...

Selenium Server Unauthorized Access Vulnerability

Selenium is a tool for web application testing.Selenium tests run directly in the browser, just as a real user would do. Supported browsers include IE 7, 8, 9, 10, 11, Mozilla Firefox, Safari. Google Chrome, Opera, etc. An unauthorized access vulnerability exists in Selenium Server. A malicious...

Arbitrary File Read Vulnerability in Light CMS Version 1.7

Light CMS is an intelligent website building system built in PHP+MYSQL environment. Light CMS 1.7 version of the arbitrary file reading vulnerability, an attacker can exploit the vulnerability to read any file within the site to obtain sensitive information...

CVE-2017-5188

The bsworker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information...

vulners.com: [vulners.com] nginx alias_traversal

Incorrect configuration of alias could allow an attacker to read file stored outside the target folder. https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md Уязвимость только в конфигурации http, на https такого нет. Пример: http GET /static../monit/COPYING HTTP/1.1 Host:...

Semrush: XXE in Site Audit function exposing file and directory contents

Summary: The Project Site Audit function is vulnerable to XXE when parsing sitemap.xml files. Description: The Site Audit function spiders a given website and performs analysis on the discovered pages. In order to improve website spidering the URL of a sitemap.xml file can be provided. If provide...

CVE-2017-18038

Affected software: Atlassian Bitbucket Server (before 5.6.0). Vulnerability: repository settings resource allows path traversal via the default branch name, enabling remote attackers to read the first line of arbitrary files. Root cause: path traversal in the repository settings resource. Impact:...

Walt Disney Animation Studios PTEX Buffer Overflow Vulnerability

Walt Disney Animation Studios PTEX is a texture mapping system developed by Walt Disney Animation Studios. A buffer overflow vulnerability exists in Walt Disney Animation Studios PTEX version 2.2, which originates when the program fails to properly detect parameters when reading a file. An attack...

Out-of-bounds

An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffe...

CVE-2018-3835

An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffe...

QYKCMS template.php page has an arbitrary file reading vulnerability

QYKCMS is a lightweight intelligent website building system based on PHP+MySql developed by QYK. QYKCMS template.php page arbitrary file reading vulnerability. The vulnerability is caused by the system does not effectively filter parameters. Attackers can use the vulnerability to obtain sensitive...

Walt Disney Per-Face Texture Mapping faceInfoSize Code Execution Vulnerability

Summary An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to...

Domain Analyzer - Analyze The Security Of Any Domain By Finding All the Information Possible

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. How Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP...

Advantech WebAccess/SCADA Directory Traversal Vulnerability

Advantech WebAccess is a browser-based HMI software package for human machine interfaces, as well as monitoring and data acquisition SCADA. A directory traversal vulnerability exists in Advantech WebAccess/SCADA, which can be exploited by an attacker to read files in the directory structure of a...

DEBIAN-CVE-2018-5360

LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27...