3348 matches found

NVD
added 2017/12/27 5:8 p.m., 22 views

CVE-2017-7158

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for reading files by leveraging screen-sharing access...

CVSS 6.8, AI score 5.9, EPSS 0.01127
Exploits 0, References 1

Zero Science Lab
added 2017/12/27 12:0 a.m., 112 views

Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure

Summary Drive production profitability with Fiery servers and workflow products. See which Fiery digital front end is right for your current or future print engines and business needs. Manage all your printers from a single screen using this intuitive print job management interface. Description...

AI score 5.9
Exploits 0

OSV
added 2017/11/20 8:29 p.m., 8 views

CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user in...

CVSS 5.5, AI score 5.6, EPSS 0.03122
Exploits 0, References 6

CVE
added 2017/11/20 8:0 p.m., 174 views

CVE-2017-3157

CVE-2017-3157 affects Apache OpenOffice versions older than 4.1.4. The flaw arises in Calc/Writer when rendering embedded objects, enabling an attacker to craft a document that discloses files from the user’s filesystem (e.g., via hidden sections) and trick the user into saving/shipping the docum...

CVSS 5.5, AI score 5.4, EPSS 0.03122
Exploits 0, References 6, Affected Software 1

Prion
added 2017/11/13 3:29 a.m., 17 views

Code injection

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search...

CVSS 2.1, AI score 2.8, EPSS 0.00303
Exploits 0, References 2, Affected Software 1

OSV
added 2017/11/10 9:29 a.m., 14 views

CVE-2017-16762

Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring...

CVSS 7.5, AI score 7.6
Exploits 0, References 2

Cvelist
added 2017/11/10 9:0 a.m., 19 views

CVE-2017-16762

Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring...

AI score 7.5, EPSS 0.02426
Exploits 1, References 2

CVE
added 2017/11/08 5:0 a.m., 71 views

CVE-2017-16661

Cacti 1.1.27 is affected by CVE-2017-16661 (arbitrary filesystem access) via a vulnerability where a remote authenticated administrator can set a private Log Path and request clog.php?filename= to read files (example /etc/passwd). The issue is part of a set of CVEs (including CVE-2017-16641, CVE-...

CVSS 4.9, AI score 5.5, EPSS 0.01474
Exploits 1, References 1, Affected Software 1

Github Security Blog
added 2017/10/24 6:33 p.m., 18 views

Mail Gem Path Traversal vulnerability

Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter...

CVSS 5, AI score 6.3, EPSS 0.04923
Exploits 1, References 10, Affected Software 1

Github Security Blog
added 2017/10/24 6:33 p.m., 42 views

Directory traversal vulnerability in Action View in Ruby on Rails

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

CVSS 7.5, AI score 6.4, EPSS 0.95537
Exploits 11, References 21, Affected Software 2

Exploit DB
added 2017/10/20 12:0 a.m., 1082 views

Axis SSI - Remote Command Execution / Read Files

STX Subject: SSI Remote Execute and Read Files Researcher: bashis August 2016 Release date: October, 2017 Old stuff that I've forgotten, fixed Q3/2016 by Axis Attack Vector: Remote Authentication: Anonymous no credentials needed Conditions: The cam must be configure to allow anonymous view Execut...

AI score 7
Exploits 0

CNVD
added 2017/10/13 12:0 a.m., 2 views

File Containment Vulnerability in iWebShop Open Source Mall System

iWebShop is an open source WEB e-commerce B2B2C platform self-supporting + merchants stationed station-building system based on PHP language + MYSQL database development, using the MVC architecture Yii framework thinking design pattern carefully designed a product. iWebShop open source mall syste...

AI score 6.6
Exploits 0

Prion
added 2017/10/12 8:29 a.m., 19 views

Xxe

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs...

CVSS 4.3, AI score 5.2, EPSS 0.0106
Exploits 0, References 2, Affected Software 1

Kitploit
added 2017/10/03 9:11 p.m., 28 views

XCat - Automate XPath Injection Attacks to Retrieve Documents

XCat is a command line program that aids in the exploitation of blind XPath injection vulnerabilities. It can be used to retrieve the whole XML document being processed by a vulnerable XPath query, read arbitrary files on the host's filesystem and utilize out of bound HTTP requests to make the...

AI score 7.9
Exploits 0, References 1

OSV
added 2017/10/03 1:29 a.m., 3 views

CVE-2017-14759

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory...

CVSS 9.8, AI score 5.8, EPSS 0.01311
Exploits 1, References 2

NVD
added 2017/09/28 1:29 a.m., 24 views

CVE-2017-14526

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DT...

CVSS 8.8, AI score 8.5, EPSS 0.01155
Exploits 2, References 2

Exploit DB
added 2017/09/25 12:0 a.m., 53 views

FLIR Thermal Camera F/FC/PT/D - Information Disclosure

FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.4.1, 1.4, 1.3.4 GA, 1.3.3 GA and 1.3.2 FC-Series S FC-334-NTSC FC-Series...

AI score 7.4
Exploits 0

n0where
added 2017/08/30 4:21 a.m., 27 views

Domain Analyzer

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresse...

AI score 6.5
Exploits 0, References 1

NVD
added 2017/08/25 6:29 p.m., 13 views

CVE-2015-4181

Directory traversal vulnerability in getfile.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this...

CVSS 7.5, AI score 7.4, EPSS 0.11574
Exploits 0, References 1

NVD
added 2017/08/25 6:29 p.m., 19 views

CVE-2015-4180

Directory traversal vulnerability in getfile.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this...

CVSS 7.5, AI score 7.4, EPSS 0.02921
Exploits 0, References 1