3348 matches found
Multiple vulnerabilities in jeecms JSPGOU
JSPGOU is e-commerce management software built on Java technology. jeecms JSPGOU has stored cross-site scripting, CSRF and arbitrary file reading vulnerabilities. Front-end input filtering is not strict and the background operation does not verify the source, allowing...
CVE-2016-10187
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript...
CVE-2017-5583
The CVE-2017-5583 vulnerability affects Palo Alto Networks PAN-OS prior to 6.1.16, 7.0.x prior to 7.0.13, and 7.1.x prior to 7.1.8. It is a post-authentication information-disclosure flaw in the Management Web Interface that allows remote authenticated users to read arbitrary files via unspecifie...
Design/Logic Flaw
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 and earlier allows authenticated remote attackers to read files on the webserver via crafted user input...
CVE-2016-8017
CVE-2016-8017 is a concrete vulnerability in McAfee VirusScan Enterprise for Linux (VSEL) up to version 2.0.3 where the web interface handles special elements (tplt) in user input, enabling an authenticated remote attacker to read files on the webserver. The underlying issue is a Special Element ...
Multiple IP-Cameras (P2P) WIFICAM Cameras Multiple Vulnerabilities
Multiple IP-Camera devices are prone to multiple vulnerabilities. This vulnerability was known to be exploited by the IoT Botnet...
A vulnerability in Google Chrome allows a hacker to install a malicious extension.
The vulnerability in Google Chrome’s DevTools URLs component is related to a lack of protection for service data. Exploiting it allows a malicious actor to install a malicious extension and read files through a specially crafted HTML page...
SUSE-SU-2017:0586-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc1017308) - CVE-2016-10048: An arbitrary module could have been loaded because relative paths were not escaped (bsc1017310) - CVE-2016-10049: Corrupt RLE...
SUSE-SU-2017:0518-1 Security update for GraphicsMagick
This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2016-10048: An arbitrary module could have been loaded because relative paths were not escaped (bsc1017310). - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to an incorrect length calculatio...
tika: XML External Entity vulnerability
It was found that the parsing of OOXML, XMP in PDF, and some other file formats by Apache Tika would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XX...
Advantech WebAccess < 7.2-2013.11.14 Multiple Vulnerabilities
Binary data 9957.prm...
CVE-2016-9364
An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server...
Path traversal
An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server...
CVE-2016-9364
CVE-2016-9364 affects Fidelix FX-20 series controllers (versions prior to 11.50.19). The vulnerability is a path traversal weakness that allows an attacker to perform arbitrary file reading, accessing files and directories on the server. Exploitation is described as remote in the ICS-CERT advisor...
Authentication flaw
bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file...
CVE-2016-10184
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal...
Cross site scripting
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal...