50 matches found
CVE-2023-47140
IBM CICS Transaction Gateway 9.3 (Containers) is affected by CVE-2023-47140 due to improper access controls that could allow a user to transfer or view files. The IBM Security Bulletin (CA480D0E529A...) states affected product: CICS Transaction Gateway Containers 9.3, with remediation guidance po...
VulnCheck KEV: CVE-2023-38831
RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive...
CVE-2023-35786
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files...
CVE-2023-35786
CVE-2023-35786 affects Zoho ManageEngine ADManager Plus; before build 7183, authenticated administrators can trigger an XML External Entity (XXE) injection to view server files. The issue is constrained to versions prior to 7183, with the vulnerability arising from XXE in the application’s handli...
CVE-2023-29159
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette...
Autolab path traversal vulnerability
Autolab is a course management service that supports automatic grading of programming assignments. A path traversal vulnerability exists in Autolab. An attacker could exploit this vulnerability to view the contents of a file...
CVE-2017-15684
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system...
CVE-2020-14946
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath...
WordPress Loco Translate 2.2.1 Local File Inclusion
Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate/ Version: Version 2.2.1 Tested on: Debian GNU/Linux 9 Docker...
WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion
WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate...
Loco Translate < 2.2.2 - Authenticated LFI
WordPress plugin Loco Translate version appears to have an Authenticated LFI Vulnerability under the 'Edit Template' Functionality. The following vulnerability can be exploited by any user with access to the plugin; access can range from Admin to Subscriber. WPScanTeam Note: Was not able to reprodu...
CVE-2018-0573
baserCMS baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors...
CVE-2018-10522
In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function...
CVE-2015-0269
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors...
DEBIAN-CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user www-dat...
DSA-3715-1 moin - security update
Bulletin has no description...
CVE-2015-7676
Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files...
VoipSwitch - user.php Local File Inclusion
VoipSwitch - user.php Local File Inclusion source: https://www.securityfocus.com/bid/69109/info VoipSwitch is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scrip...
etomite 1.1 - Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22710 Reference: http://www.htbridge.ch/advisory/sqlinjectioninetomite.html Product: Etomite Vendor: http://www.etomite.org/ http://www.etomite.org/ Vulnerable Version: 1.1 Vendor Notification: 18 November 2010 Vulnerability Type: SQL...