3348 matches found

BDU FSTEC
added 2016/05/31 12:0 a.m. | 6 views

A vulnerability in the PHP interpreter allows an attacker to read files.

The PHP interpreter vulnerability stems from a missing check for the “%00” sequence in path names. Exploiting this vulnerability allows a remote attacker to read arbitrary files using specially crafted input to an application that calls the function...

CVSS 5 | AI score 6.8 | EPSS 0.04094
Exploits: 1 | References: 4 | Affected Software: 1

RedhatCVE
added 2016/05/27 9:48 a.m. | 27 views

CVE-2016-2175

It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks...

CVSS 7.8 | AI score 5.9 | EPSS 0.04797
Exploits: 0 | References: 1

NVD
added 2016/05/17 2:8 p.m. | 17 views

CVE-2016-3674

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document...

CVSS 7.5 | AI score 7.5 | EPSS 0.08402
Exploits: 0 | References: 11

Cvelist
added 2016/05/16 10:0 a.m. | 31 views

CVE-2015-3412

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as...

AI score 7.2 | EPSS 0.04094
Exploits: 1 | References: 10

OSV
added 2016/05/05 6:59 p.m. | 7 views

CVE-2016-3717

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image...

CVSS 5.5 | AI score 8
Exploits: 0 | References: 19

UbuntuCve
added 2016/05/05 12:0 a.m. | 20 views

CVE-2016-3717

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image...

CVSS 7.1 | AI score 6.6 | EPSS 0.2044
Exploits: 4 | References: 3

Tenable Nessus
added 2016/05/04 12:0 a.m. | 236 views

ImageMagick < 7.0.1-1 / 6.x < 6.9.3-10 Multiple Vulnerabilities (ImageTragick)

The remote Windows host has a version of ImageMagick installed that is prior to 7.0.1-1 or 6.x prior to 6.9.3-10. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability, known as ImageTragick, exists due to a failure to properly filter shell characte...

CVSS 10 | AI score 7.3 | EPSS 0.97485
Exploits: 13 | References: 8

Debian CVE
added 2016/04/20 4:0 p.m. | 20 views

CVE-2015-8842

tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file...

CVSS 3.3 | AI score 3.8 | EPSS 0.0036
Exploits: 0

myhack58
added 2016/04/15 12:0 a.m. | 17 views

Apple OS X Messages cross-domain scripting attack vulnerability details (CVE-2016-1764) - the vulnerability warning - the black bar safety net

Apple in 3 months fixed CVE-2016-1764 (CNNVD-201603-347), an application-layer vulnerability that can allow a remote attacker to leak all message content and attachments by means of the iMessage client. In contrast to attacks on the iMessage protocol, this is a relatively...

AI score 7.1
Exploits: 0

BDU FSTEC
added 2016/04/14 12:0 a.m. | 3 views

A vulnerability in the Debian GNU/Linux operating system that allows an attacker to read arbitrary files

The vulnerability in the wiki.c function in DidiWiki’s kernel is related to deficiencies in restricting pathnames to a directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary files through the api/page/get parameter...

CVSS 5 | AI score 7.3 | EPSS 0.03534
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2016/04/13 4:59 p.m. | 7 views

CVE-2016-2055

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote attackers to read arbitrary files in the configuration directory via a "config" command...

CVSS 7.5 | AI score 8.4
Exploits: 0 | References: 4

Debian CVE
added 2016/04/13 4:0 p.m. | 18 views

CVE-2016-2055

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote attackers to read arbitrary files in the configuration directory via a "config" command...

CVSS 7.5 | AI score 5.7 | EPSS 0.17852
Exploits: 3

OSV
added 2016/04/12 2:59 p.m. | 8 views

CVE-2016-2140

The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...

CVSS 5.3 | AI score 4.9
Exploits: 0 | References: 4

OSV
added 2016/04/11 2:59 p.m. | 8 views

CVE-2016-2164

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file...

CVSS 7.5 | AI score 7.5 | EPSS 0.07009
Exploits: 0 | References: 4

Prion
added 2016/04/07 11:59 p.m. | 22 views

Directory traversal

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971...

CVSS 5 | AI score 7.1 | EPSS 0.46605
Exploits: 5 | References: 6 | Affected Software: 1

CVE
added 2016/04/07 11:0 p.m. | 1027 views

CVE-2016-3976

CVE-2016-3976 affects SAP NetWeaver AS Java versions 7.1–7.5. The vulnerability is a directory traversal in the AS Java Monitoring/CrashFileDownloadServlet component, exploitable remotely via a ..\ in the fileName parameter to read arbitrary files on the server. Public references point to SAP Sec...

CVSS 7.5 | AI score 7.4 | EPSS 0.46605
In wild | Exploits: 5 | References: 7 | Affected Software: 1

ATTACKERKB
added 2016/04/07 12:0 a.m. | 57 views

CVE-2016-3976

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. Recent assessments: Assessed Attacker Value: 0 Assessed...

CVSS 7.5 | AI score 7.5 | EPSS 0.46605
In wild | Exploits: 5 | References: 10

Packet Storm
added 2016/02/22 12:0 a.m. | 37 views

SOLIDserver 5.0.4 Local File Inclusion

Title: SOLIDserver =5.0.4 - Local File Inclusion Vulnerability Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: SOLIDserver Tested Version: 5.0.4 and 4.0.2 Vendor: efficient IP http://www.efficientip.com Google Dork: SOLIDserver login Date: 17 Feb 2016...

AI score 7.4
Exploits: 0

Vulnrichment
added 2016/02/16 2:0 a.m. | 10 views

CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

AI score 6.8 | EPSS 0.95537
Exploits: 11 | References: 12

OSV
added 2016/01/29 7:59 p.m. | 10 views

CVE-2015-8794

Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the alt parameter, related to contact photo handling...

CVSS 6.5 | AI score 6.1
Exploits: 0 | References: 5