11 matches found
Missing Authorization
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Missing Authorization in the resourceGetHandler process. An attacker can access the full content of text files within their authorized scope by sending requests to the...
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Summary The contents of arbitrary files can be returned to the browser. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Details - base64 encoded content of non-allowed files is exposed using ?inline&import originally...
GHSA-4R4M-QW57-CHR8 Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Summary The contents of arbitrary files can be returned to the browser. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Details - base64 encoded content of non-allowed files is exposed using ?inline&import originally...
CVE-2023-0923 Odh-notebook-controller-container: missing authorization allows for file contents disclosure
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues...
PT-2023-8613 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11; XWiki Platform versions prior to 14.10.1; XWiki Platform versions prior to 14.4.8; XWiki Platform versions prior to 15.0-rc-1. Description: The office document viewer macro in XWiki Platform allows anyon...
CVE-2023-0923
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues...
UBUNTU-CVE-2017-16790
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to...
py-amf -- input sanitization errors
oCERT reports: A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger Denial of Service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges...
Local vulnerabilities in Cisco Content Services
Users can cause a DoS; in addition, viewing the contents of files is possible...
NSFOCUS Security Advisory 2000.2
ISBASE Security Advisory (SA2000-02) Topic: IIS ISM.DLL truncation exposes file content. Release Date: July 17, 2000. Affected software version: Microsoft Internet Information Server 4.0, Microsoft Internet Information Server 5.0. Platform: Windows NT 4.0 and Windo...
ISBASE Security Advisory (SA2000-02)
ISBASE Security Advisory (SA2000-02) Topic: IIS ISM.DLL truncation exposes file content. Release Date: July 17, 2000. Affected software version: Microsoft Internet Information Server 4.0, Microsoft Internet Information Server 5.0. Platform: Windows NT 4.0 and Windo...