252 matches found
CVE-2020-14976
GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context...
CVE-2013-1223
The log viewer in Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted 1 HTTP or 2 HTTPS request, aka Bug ID CSCub38372...
CVE-2012-2597
Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL...
CVE-2013-5979
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the p parameter to index.php...
CVE-2013-3617
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity XXE iss...
CVE-2013-3406
The "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.41 allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCug65687...
CVE-2010-4769
Directory traversal vulnerability in the Jimtawl comjimtawl component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. dot dot in the task parameter to index.php...
CVE-2010-4731
Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a...
CVE-2024-54188
Infoblox NETMRI is affected prior to version 7.6.1. The issue allows remote authenticated users to read arbitrary files with root access due to a vulnerability in NETMRI. A fix is available: upgrade to NETMRI 7.6.1 or later. If upgrading is not immediately possible, apply the vendor’s recommended...
CVE-2006-7001
Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2005-4758
Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP...
CVE-2002-1818
ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter...
CVE-2025-27409
CVE-2025-27409 affects Joplin Server prior to version 3.3.3, where path traversal is possible when static files are requested under css/pluginAssets or js/pluginAssets. The default route’s findLocalFile calls localFileFromUrl and, if it returns a path, the result is sent without validating path t...
CVE-2025-1021
Missing authorization vulnerability in synocopy in Synology DiskStation Manager DSM before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2025-3424
The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specifi...
Exploit for CVE-2025-30208
ViteVulScan Vulnerabilities Overview This project involves...
Exploit for CVE-2025-30208
CVE-2025-30208-EXP A vulnerability in Vite’s server’s arbitr...
CVE-2024-45480 Unauthorized local file reading in B&R APROL
An improper control of generation of code 'Code Injection' vulnerability in the AprolCreateReport component of B&R APROL 4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system...
Exploit for CVE-2025-30208
Blog Recommendations https://w8ay.fun/toc Recently, a po...
CVE-2024-8438
Summary: CVE-2024-8438 describes a path traversal in modelscope/agentscope v0.0.4 where the /api/file endpoint does not sanitize the path parameter, enabling reading arbitrary server files. The underlying impact is information disclosure with a high severity (CVSS3/7.5) but no exploitation detail...