3348 matches found
CVE-2015-4988
Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary fil...
PT-2016-4911 (FFmpeg)
Name of the Vulnerable Software and Affected Versions: FFmpeg versions 2.x. Description: The issue allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file. This leads to an external HTTP request in which...
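The defensive side of the subfile entry above, as an added example that is not FFmpeg's code or part of the advisory: a playlist scanner that collects every URI an HLS client would open (segment lines and the URI="..." attributes on key and map tags) and flags any that name a protocol other than HTTP(S). The FFmpeg "proto,option,...:path" prefix syntax is recognised so that a subfile reference is classified by its protocol name. The sample playlist is constructed for the example; the allow-list is an assumption about what a remote playlist may legitimately reference.

```python
"""Scan an HLS (M3U8) playlist for segment or key URIs that name a non-HTTP
protocol.  Added example, not FFmpeg's code: a player that resolves every
URI in a remote playlist through its full protocol set lets a playlist
author turn "fetch the next segment" into "read a local file and send it
to my server", which is what the subfile entry describes."""
import re
from typing import List, Tuple

# FFmpeg-style protocol prefix: a protocol name, optionally followed by
# ",option,value,..." (the subfile syntax), terminated by ':'.
_PROTO_RE = re.compile(r'^([A-Za-z][A-Za-z0-9+.-]*)(?:,[^:]*)?:')
# Attribute-carried URIs, e.g. #EXT-X-KEY:METHOD=AES-128,URI="...".
_ATTR_URI_RE = re.compile(r'URI="([^"]*)"')

# Assumption for this example: a remote playlist may only reference HTTP(S)
# or relative paths.  Anything else (file, subfile, concat, ...) is refused.
ALLOWED_SCHEMES = {"http", "https"}


def uri_scheme(uri: str) -> str:
    """Return the protocol name a URI starts with, or '' for a relative path."""
    m = _PROTO_RE.match(uri)
    return m.group(1).lower() if m else ""


def playlist_uris(text: str) -> List[str]:
    """Collect every URI an HLS client would open: plain segment lines plus
    URI="..." attributes on tags such as #EXT-X-KEY and #EXT-X-MAP."""
    uris: List[str] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            uris.extend(_ATTR_URI_RE.findall(line))
        else:
            uris.append(line)
    return uris


def unsafe_uris(text: str) -> List[Tuple[str, str]]:
    """Return (uri, scheme) for every URI whose scheme is neither relative nor HTTP(S)."""
    bad = []
    for uri in playlist_uris(text):
        scheme = uri_scheme(uri)
        if scheme and scheme not in ALLOWED_SCHEMES:
            bad.append((uri, scheme))
    return bad


# Constructed sample playlist (not a real capture): two ordinary segments,
# one subfile reference into a local file, and a key URI using file://.
SAMPLE_PLAYLIST = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:10
#EXT-X-KEY:METHOD=AES-128,URI="file:///etc/hostname"
#EXTINF:10.0,
seg0.ts
#EXTINF:10.0,
subfile,,start,0,end,4096,,:/etc/passwd
#EXTINF:10.0,
https://cdn.example.net/seg2.ts
#EXT-X-ENDLIST
"""

if __name__ == "__main__":
    for uri, scheme in unsafe_uris(SAMPLE_PLAYLIST):
        print(f"REJECT {scheme!r}: {uri}")
```

The check has to run on the protocol name as the player would parse it, not on a generic URL parser: a standard URL splitter sees no valid scheme in "subfile,,start,0,end,4096,,:/etc/passwd" and would treat it as a relative path.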
GlassFish arbitrary file read vulnerability
Java parses "%c0%ae" as "\uC0AE", which is finally converted to the ASCII character ".". Visiting the following link shows the effect: http://localhost:4848/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd Reference: "Vulnerability alert: GlassFish application server arbitrary file read vulnerability" #!/usr/bin/env python coding...
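Why the %c0%ae sequence above escapes the web root, as an added example that is not GlassFish code or the truncated script from the original post: C0 AE is an overlong two-byte UTF-8 encoding of 0x2E ("."), which strict decoders reject but a permissive decoder accepts. A traversal check that runs on the percent-decoded bytes before that permissive decode never sees the ".." it produces. The hardened variant decodes strictly first, normalises, and then confirms the result is still under the document root, which also catches the plain %2e%2e form. The docroot path is an assumed layout, not the real GlassFish install path.

```python
"""Overlong-UTF-8 traversal: the vulnerable order of operations beside the
hardened one.  Added example, not GlassFish code."""
import posixpath
from typing import Optional
from urllib.parse import unquote_to_bytes


def lenient_utf8_decode(data: bytes) -> str:
    """Decode UTF-8 the way a permissive decoder does: any 2-byte lead
    C0..DF followed by a continuation byte is accepted, including the
    overlong forms C0 xx / C1 xx that strict decoders reject."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b <= 0xDF and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            # C0 AE -> ((0x00) << 6) | 0x2E -> '.'
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append("\ufffd")   # anything else: replacement character, keep going
            i += 1
    return "".join(out)


def has_dot_dot(path: str) -> bool:
    return ".." in path.split("/")


def vulnerable_resolve(docroot: str, request_path: str) -> str:
    """Check first, decode second: the traversal check runs on the
    percent-decoded bytes (viewed as Latin-1, so C0 AE is two odd
    characters, not '.'), then a lenient UTF-8 decode turns %c0%ae into
    '.' and the join walks out of docroot."""
    raw = unquote_to_bytes(request_path)
    if has_dot_dot(raw.decode("latin-1")):
        raise PermissionError("traversal rejected")
    return posixpath.normpath(docroot + "/" + lenient_utf8_decode(raw))


def hardened_resolve(docroot: str, request_path: str) -> Optional[str]:
    """Decode strictly (overlong sequences raise), normalise, then confirm
    the result is still inside docroot.  None means 'refuse'."""
    try:
        decoded = unquote_to_bytes(request_path).decode("utf-8")  # strict by default
    except UnicodeDecodeError:
        return None
    if "\x00" in decoded:
        return None
    root = posixpath.normpath(docroot)
    full = posixpath.normpath(root + "/" + decoded)
    if full != root and not full.startswith(root + "/"):
        return None
    return full


DOCROOT = "/srv/glassfish/theme"   # assumed layout, not the real install path
OVERLONG = "META-INF/" + "%c0%ae%c0%ae/" * 4 + "etc/passwd"

if __name__ == "__main__":
    print("vulnerable:", vulnerable_resolve(DOCROOT, OVERLONG))
    print("hardened:  ", hardened_resolve(DOCROOT, OVERLONG))
```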
CVE-2015-7548
OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty, when using libvirt to spawn instances and use_cow_images is set to false, allows remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot...
Code injection
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "fileversions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belongi...
CVE-2016-1500
CVE-2016-1500 affects ownCloud Server releases prior to certain patch levels (7.0.12; 8.0.x < 8.0.10; 8.1.x < 8.1.5; 8.2.x
ownCloud: XXE at host vpn.owncloud.com
Improper XML parser configuration allows an attacker to read arbitrary files and make HTTP requests from the server side. Exploit example is listed below: POST /user/login HTTP/1.1 Host: 144.76.105.208 Accept: */* Content-type: application/xml Accept-Language: en User-Agent: Mozilla/5.0 compatible; MSIE...
CVE-2015-6419
Cisco FireSIGHT Management Center (versions 4.10.3, 5.2.0, 5.3.0, 5.3.1, 5.4.0) contains an information-disclosure vulnerability in the GET request handling. An authenticated, remote attacker can trigger the flaw by sending crafted GET requests due to improper sanitization of user-supplied input, p...
CVE-2015-6127
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka "Windows Media Center Information Disclosure Vulnerability."...
SAP NetWeaver 7.4 XXE Injection
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Send: 16.04.2015 Reported: 16.04.2015 Vendor response: 16.04.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2168485 Author: Roman Bezhan...
Huawei CPE devices have a remote arbitrary file read vulnerability (with reference exploit) - vulnerability warning - Black Bar Security Net
What is a CPE? A CPE is a device that converts a high-speed 4G signal into a general-purpose WiFi signal for tablets, smartphones, laptops and other mobile devices. It supports several terminals at once, is about the size of a book, and works anywhere with 4G coverage: plug in the power and it is ready to use, without...
CVE-2015-5650
Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors...
Amazon Linux: Security Advisory (ALAS-2012-135)
The remote host is missing an update for the ... Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. (Greenbone script header: SPDX-FileCopyrightText: 2015 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only) ...
CVE-2015-5688
Geddy (Node.js framework) prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows an attacker to read arbitrary files by supplying a URI PATH_INFO with a dot-dot-encoded slash (e.g., ..%2f). Exploitation targets the default URI and can read local files...
Xxe
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2015-1009
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file...
Oracle E-Business Suite – XXE injection vulnerability
Application: Oracle E-Business Suite Vendor: Oracle Versions Affected: Oracle E-Business Suite 12.1.3, probably others Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 19.01.2016 Reference: Oracle CPU Jan 2016 Author: Nikita Kelesis, Ivan Chalykin,...
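The mechanism shared by the ownCloud login-endpoint XXE, the SAP NetWeaver advisory and the Oracle E-Business Suite advisory above, shown with Python's standard-library SAX parser as an added example (not code from any of those products or advisories): a parser configured to resolve external general entities fetches the SYSTEM identifier of the entity, here a file:// URL, and splices the file's contents into the document the server then processes, so the "user" field of a login body comes back holding a local file. The hardened variant refuses any body carrying a DOCTYPE or ENTITY declaration before parsing and keeps external entity resolution off. The login element layout, the temp file and its contents are constructed for the example.

```python
"""XXE via an XML login body: the vulnerable parser configuration beside
the hardened one.  Added example, not ownCloud, SAP or Oracle code."""
import io
import os
import tempfile
import xml.sax
from xml.sax import handler
from typing import Dict, Optional


class _FieldCollector(handler.ContentHandler):
    """Collect the text of each child element of the root into a dict."""

    def __init__(self) -> None:
        super().__init__()
        self.fields: Dict[str, str] = {}
        self._current: Optional[str] = None
        self._depth = 0

    def startElement(self, name, attrs):
        self._depth += 1
        if self._depth == 2:              # direct child of the root element
            self._current = name
            self.fields[name] = ""

    def endElement(self, name):
        if self._depth == 2:
            self._current = None
        self._depth -= 1

    def characters(self, content):
        if self._current is not None:     # text from the external entity lands here too
            self.fields[self._current] += content


def parse_login(xml_bytes: bytes, resolve_external: bool) -> Dict[str, str]:
    """Parse <login><user>..</user><password>..</password></login>.
    resolve_external=True reproduces the vulnerable configuration."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, resolve_external)
    collector = _FieldCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.fields


def parse_login_hardened(xml_bytes: bytes) -> Dict[str, str]:
    """Refuse any document that carries a DTD at all (a login body has no
    business declaring entities), and keep external entities off."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not accepted")
    return parse_login(xml_bytes, resolve_external=False)


def xxe_payload(target_url: str) -> bytes:
    """A login body whose 'user' field is an external entity pointing at target_url."""
    return (
        b'<?xml version="1.0"?>\n'
        b'<!DOCTYPE login [<!ENTITY xxe SYSTEM "' + target_url.encode() + b'">]>\n'
        b'<login><user>&xxe;</user><password>x</password></login>'
    )


def demo() -> Dict[str, str]:
    """Write a constructed secret to a temp file, then show the vulnerable
    parser returning its contents as the 'user' field."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("local-secret-token")          # constructed sample data
        secret_path = f.name
    try:
        return parse_login(xxe_payload("file://" + secret_path), resolve_external=True)
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    print("vulnerable parser returned:", demo())
```

The pre-parse rejection is deliberately blunt: for an endpoint that only ever receives a fixed, entity-free document, refusing the DTD outright is simpler to reason about than trying to configure every resolver and parser feature correctly.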
PT-2015-4368
Name of the Vulnerable Software and Affected Versions: Slider Revolution (revslider) plugin versions prior to 4.2 for WordPress. Description: The issue allows remote attackers to read arbitrary files by exploiting a directory traversal vulnerability in the Slider Revolution plugin. This is achieved by...
CVE-2015-1851
OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...
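The image-format check behind the Nova (CVE-2015-7548) and Cinder (CVE-2015-1851) entries above, as an added example that is not OpenStack code: both bugs turn on an image whose actual on-disk format differs from what the tenant declared, and a qcow2 header may name a backing file that the host then opens when the disk is converted or snapshotted. Parsing the 72-byte qcow2 v2 header, refusing a qcow2 signature in a file declared raw, and refusing any qcow2 image that declares a backing file is the kind of check a storage service needs before it trusts an upload. The header builder produces a constructed, non-bootable sample; the accepted version and encryption rules are assumptions for the example.

```python
"""qcow2 header inspection for uploaded images.  Added example, not
OpenStack code."""
import struct
from typing import Dict, Optional, Tuple

QCOW2_MAGIC = b"QFI\xfb"
# qcow2 v2 header, big-endian, 72 bytes.
_HEADER = struct.Struct(">4sIQIIQIIQQIIQ")
_FIELDS = ("magic", "version", "backing_file_offset", "backing_file_size",
           "cluster_bits", "size", "crypt_method", "l1_size",
           "l1_table_offset", "refcount_table_offset",
           "refcount_table_clusters", "nb_snapshots", "snapshots_offset")


def parse_qcow2_header(data: bytes) -> Optional[Dict[str, object]]:
    """Return the header fields plus 'backing_file' (path or None), or None
    when the data does not start with the qcow2 magic."""
    if len(data) < _HEADER.size or not data.startswith(QCOW2_MAGIC):
        return None
    hdr: Dict[str, object] = dict(zip(_FIELDS, _HEADER.unpack_from(data)))
    off, ln = hdr["backing_file_offset"], hdr["backing_file_size"]
    hdr["backing_file"] = None
    if off and ln:
        if off + ln > len(data):
            hdr["backing_file"] = "<truncated>"   # declared, but not within the bytes read
        else:
            hdr["backing_file"] = data[off:off + ln].decode("utf-8", "replace")
    return hdr


def check_image(data: bytes, declared_format: str) -> Tuple[bool, str]:
    """Decide whether an uploaded image may be used as declared_format.
    Returns (accepted, reason).  Only the header bytes are needed."""
    hdr = parse_qcow2_header(data)
    if declared_format == "raw":
        if hdr is not None:
            return False, "declared raw but carries a qcow2 signature"
        return True, "raw image"
    if declared_format == "qcow2":
        if hdr is None:
            return False, "declared qcow2 but no qcow2 signature"
        if hdr["version"] not in (2, 3):          # assumption: only v2/v3 accepted
            return False, f"unsupported qcow2 version {hdr['version']}"
        if hdr["backing_file"] is not None:
            return False, f"qcow2 image declares a backing file: {hdr['backing_file']}"
        if hdr["crypt_method"] != 0:              # assumption: encrypted images refused
            return False, "encrypted qcow2 images are not accepted"
        return True, "qcow2 image without backing file"
    return False, f"unknown format {declared_format!r}"


def make_qcow2(backing_file: Optional[bytes] = None, size: int = 1 << 20) -> bytes:
    """Build a minimal, constructed qcow2 v2 header block (not a bootable image)."""
    bf_off = _HEADER.size if backing_file else 0
    bf_len = len(backing_file) if backing_file else 0
    hdr = _HEADER.pack(QCOW2_MAGIC, 2, bf_off, bf_len, 16, size, 0, 1,
                       0x10000, 0x20000, 1, 0, 0)
    return (hdr + (backing_file or b"")).ljust(512, b"\0")


if __name__ == "__main__":
    for label, blob, fmt in (
        ("raw declared raw", b"\0" * 512, "raw"),
        ("qcow2 declared raw", make_qcow2(), "raw"),
        ("qcow2 with backing file", make_qcow2(b"/etc/passwd"), "qcow2"),
    ):
        print(f"{label}: {check_image(blob, fmt)}")
```

The check belongs on the server side at upload and again before any conversion or snapshot, since a tenant who can write the instance disk directly (the Nova case) bypasses whatever was validated at upload time.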