3348 matches found
CVE-2016-10184
CVE-2016-10184 affects the D-Link DWR-932B router. The qmiweb component enables arbitrary file reading via directory traversal ("..%2f"), allowing read access to files on the device. This aligns with the CVSS details: Confidentiality impact is PARTIAL, with no integrity or availability impact rep...
CVE-2016-10184
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal...
CVE-2016-9379
The CVE-2016-9379 issue affects the Xen pygrub boot loader emulator: when S-expression output is requested, string quotes and S-expressions in the bootloader config can cause information disclosure (read/delete host files) and potential privilege escalation. The vulnerability is caused by delimit...
CVE-2016-5220
CVE-2016-5220: PDFium in Chromium/Google Chrome allowed local file access via a crafted PDF, affecting Chrome/Chromium up to version 55.0.2883.75 (Mac/Win/Linux) and 55.0.2883.84 on Android. Affected component is PDFium; the underlying issue is a local file access path in PDF rendering. Remediati...
CVE-2016-7459
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML...
CVE-2016-7458
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
CVE-2016-9177
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI...
2345 Browser 8.1.0.13750 arbitrary local file reading
No description provided by source...
Ghostscript Remote File Disclosure Vulnerability
Ghostscript is free software based on Adobe's PostScript and Portable Document Format (PDF) page description languages. A remote file disclosure vulnerability exists in Ghostscript due to an unchecked PermitFileReading array, which can be exploited to cause remote file...
CVE-2016-6038
Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL...
Directory traversal
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL...
CVE-2016-6408
Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814...
Adobe ColdFusion < 11 Update 10 - XML external entity injection
Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - APSB16-30 - Release date: 31.08.2016 I. VULNERABILITY Adobe ColdFusion = 11 XML External Entity (XXE) Injection II. BACKGROUND "Adobe ColdFusion 11 Enterprise Edition offers a single platform to rapidly build and...
Adobe ColdFusion 11 XML External Entity Injection
Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical I. VULNERABILITY...
KLA10852 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code, spoof user interface, bypass security restrictions, conduct cross-site scripting or read local...
A vulnerability in the libxml2 library allows an attacker to trigger a service failure or read arbitrary files.
The vulnerability in the xmlSAX2ResolveEntity and xmlSetExternalEntityLoader functions of the libxml2 library is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures or read arbitrary files using a specially crafted XML...
OLX: Arbitrary File Reading
Hi! The script for video downloading doesn't properly filter the input filename, and it's possible to read arbitrary files from the file system. PoC: http://makeyourad1.olx.in/converted/final/ready/madeit/download.php?file=download.php...
WordPress < 4.5.2 Multiple Vulnerabilities (ImageTragick)
Binary data 9387.prm...
CVE-2016-4815
Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors...
Design/Logic Flaw
NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname...