Lucene search
+L

252 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:22 p.m.8 views

CVE-2020-14976

GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context...

5.5CVSS6.7AI score0.00483EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 11:21 a.m.10 views

CVE-2013-1223

The log viewer in Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted 1 HTTP or 2 HTTPS request, aka Bug ID CSCub38372...

7.8CVSS7AI score0.01482EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:43 a.m.6 views

CVE-2012-2597

Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL...

4CVSS6.7AI score0.02328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:7 a.m.10 views

CVE-2013-5979

Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the p parameter to index.php...

5CVSS7AI score0.18267EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:48 a.m.11 views

CVE-2013-3617

The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity XXE iss...

3.5CVSS6.6AI score0.21074EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:38 a.m.10 views

CVE-2013-3406

The "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.41 allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCug65687...

6.8CVSS6.6AI score0.01128EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:21 a.m.9 views

CVE-2010-4769

Directory traversal vulnerability in the Jimtawl comjimtawl component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. dot dot in the task parameter to index.php...

7.5CVSS7.5AI score0.07593EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:18 a.m.13 views

CVE-2010-4731

Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a...

10CVSS6.2AI score0.03361EPSS
Exploits2References1
CVE
CVE
added 2025/05/22 12:0 a.m.56 views

CVE-2024-54188

Infoblox NETMRI is affected prior to version 7.6.1. The issue allows remote authenticated users to read arbitrary files with root access due to a vulnerability in NETMRI. A fix is available: upgrade to NETMRI 7.6.1 or later. If upgrading is not immediately possible, apply the vendor’s recommended...

5.3CVSS6.3AI score0.06624EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/21 9:31 p.m.8 views

CVE-2006-7001

Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from...

7.1CVSS6.7AI score0.01681EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:47 p.m.10 views

CVE-2005-4758

Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP...

4CVSS6.6AI score0.01557EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:24 p.m.7 views

CVE-2002-1818

ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter...

5CVSS7AI score0.06793EPSS
Exploits1References1
CVE
CVE
added 2025/04/30 2:55 p.m.63 views

CVE-2025-27409

CVE-2025-27409 affects Joplin Server prior to version 3.3.3, where path traversal is possible when static files are requested under css/pluginAssets or js/pluginAssets. The default route’s findLocalFile calls localFileFromUrl and, if it returns a path, the result is sent without validating path t...

7.5CVSS7.5AI score0.00545EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/04/23 2:49 a.m.29 views

CVE-2025-1021

Missing authorization vulnerability in synocopy in Synology DiskStation Manager DSM before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors...

7.5CVSS0.00481EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/09 11:24 p.m.26 views

CVE-2025-3424

The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specifi...

7.7CVSS6.6AI score0.00234EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/03/31 1:43 p.m.404 views

Exploit for CVE-2025-30208

ViteVulScan Vulnerabilities Overview This project involves...

5.3CVSS6.6AI score0.74998EPSS
Exploits35
GithubExploit
GithubExploit
added 2025/03/26 3:42 p.m.339 views

Exploit for CVE-2025-30208

CVE-2025-30208-EXP A vulnerability in Vite’s server’s arbitr...

5.3CVSS6.9AI score0.74998EPSS
Exploits28
Vulnrichment
Vulnrichment
added 2025/03/25 4:50 a.m.7 views

CVE-2024-45480 Unauthorized local file reading in B&R APROL

An improper control of generation of code 'Code Injection' vulnerability in the AprolCreateReport component of B&R APROL 4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system...

9.2CVSS7.2AI score0.00375EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/03/21 3:32 p.m.157 views

Exploit for CVE-2025-30208

Blog Recommendations https://w8ay.fun/toc Recently, a po...

5.3CVSS6.9AI score0.74998EPSS
Exploits28
CVE
CVE
added 2025/03/20 10:9 a.m.85 views

CVE-2024-8438

Summary: CVE-2024-8438 describes a path traversal in modelscope/agentscope v0.0.4 where the /api/file endpoint does not sanitize the path parameter, enabling reading arbitrary server files. The underlying impact is information disclosure with a high severity (CVSS3/7.5) but no exploitation detail...

7.5CVSS7.5AI score0.00713EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder