3348 matches found
CVE-2012-1986
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction...
CVE-2012-2926
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and...
Specially crafted WebDAV request allows reading of local files on Liferay 6.0.x
Specially crafted WebDAV request allows reading of local files on Liferay 6.0.x. Description: Liferay Portal is an enterprise portal written in Java. By creating a specially crafted WebDAV request that contains an external entity, it is possible to read files from a Liferay server and echo these ba...
Liferay 6.0.x - WebDAV File Reading
Liferay 6.0.x - WebDAV File Reading. Specially crafted WebDAV request allows reading of local files on Liferay 6.0.x. Description: Liferay Portal is an enterprise portal written in Java. By creating a specially crafted WebDAV request that contains an external entity, it is possible to read files from...
OneFileCMS 1.1.5 Local File Inclusion
Exploit Title: OneFileCMS v.1.1.5 Local File Inclusion Vulnerability Google Dork: -- Date: 16/03/2012 Author: mr.pr0n @pr0n Homepage: http://ghostinthelab.wordpress.com/ - http://s3cure.gr Software Link: https://github.com/rocktronica/OneFileCMS Version: OneFileCMS v.1.1.5 Tested on: Linux Fedora...
CVE-2011-4643
Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243...
Sina SAE cloud back-end arbitrary file read vulnerability and fix - vulnerability warning - the black bar safety net
Description: Sina SAE uses an unsafe third-party component, which may result in arbitrary file reads on the back end. Detailed description: http://pma.tools.sinaapp.com/ is a MySQL management client using phpMyAdmin; according to a recent 80sec publication on the phpMyAdmin arbitrary file reading vulnerabili...
CVE-2011-4404
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to...
CVE-2011-4107
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection...
phpMyAdmin arbitrary file reading vulnerability - vulnerability warning - the black bar safety net
phpMyAdmin incorrectly uses the simplexml_load_string function to parse XML; by default this function does not handle external entities safely, so a user can, by means of XML files, read and access whatever the application has permission to access on the system and network...
Code injection
The JavaServer Faces JSF application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors...
Windows Gather Windows Host File Enumeration
This module returns a list of entries in the target system's hosts file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Windows Host File Enumeration', 'Description' = %q This...
CVE-2011-3579
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an...
WordPress Zingiri Web Shop Plugin Remote File Inclusion Vulnerability
WordPress Zingiri Web Shop Plugin is prone to a remote file inclusion vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2011-29: Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300
Positive Research Center has discovered a vulnerability that allows one to obtain the content of arbitrary files and execute arbitrary code. How to fix: Update your software up to the latest version. Update link. Advisory status: 09.09.2011 - Vendor is notified; 09.09.2011 - Vendor gets vulnerability...
CVE-2011-2746
Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System OTRS 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors...
CVE-2011-2746
CVE-2011-2746 affects Open Ticket Request System (OTRS) – specifically OTRS-Core kernel module Kernel/Modules/AdminPackageManager.pm. Affected are OTRS 2.x prior to 2.4.11 and 3.x prior to 3.0.10. The vulnerability allows remote authenticated administrators to read arbitrary files via unknown vec...
Code injection
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site...