Lucene search
K

666 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:19 a.m.5 views

CVE-2024-48647

A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive information, including...

7.2CVSS6.9AI score0.00757EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:13 a.m.15 views

CVE-2023-41314

The api /api/snapshot and /api/getlogfile would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues...

8.2CVSS7.1AI score0.00898EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:45 a.m.11 views

CVE-2023-20261

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerabilit...

6.5CVSS6.8AI score0.00529EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:10 a.m.7 views

CVE-2022-44008

An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly...

6.5CVSS6.8AI score0.0082EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:0 a.m.5 views

CVE-2022-24659

Goldshell ASIC Miners v2.2.1 and below was discovered to contain a path traversal vulnerability which allows unauthenticated attackers to retrieve arbitrary files from the device...

7.5CVSS7.6AI score0.01278EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:40 p.m.9 views

CVE-2022-28213

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS...

8.1CVSS7AI score0.12476EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:49 p.m.11 views

CVE-2022-27485

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability CWE-89 in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files...

6.5CVSS6.8AI score0.00628EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:51 p.m.6 views

CVE-2021-42773

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated...

7.5CVSS7.1AI score0.00964EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 11:16 a.m.10 views

CVE-2013-2738

minidlna has SQL Injection that may allow retrieval of arbitrary files...

9.8CVSS8.1AI score0.02177EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:47 a.m.11 views

CVE-2017-15683

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band...

8.6CVSS6.8AI score0.01531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 10:16 p.m.7 views

CVE-2002-1859

Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

5CVSS7AI score0.02519EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:25 p.m.11 views

CVE-2002-1861

Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

5CVSS7AI score0.02119EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:25 p.m.6 views

CVE-2002-1860

Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

5CVSS7AI score0.02119EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:25 p.m.9 views

CVE-2002-1858

Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

5CVSS6.7AI score0.04534EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:25 p.m.7 views

CVE-2002-1856

HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

5CVSS7AI score0.03709EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:25 p.m.7 views

CVE-2002-1855

Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

5CVSS7AI score0.02178EPSS
Exploits0References1
OSV
OSV
added 2025/05/07 7:13 p.m.7 views

RLSA-2024:6192 Moderate: wget security update

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...

5.5CVSS9.4AI score0.00672EPSS
Exploits0References2
OSV
OSV
added 2025/05/07 7:11 p.m.6 views

RLSA-2024:5299 Moderate: wget security update

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...

5.5CVSS9.4AI score0.00672EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2025/05/07 7:11 p.m.5 views

wget security update

An update is available for wget. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, a...

9.1CVSS9.2AI score0.00672EPSS
Exploits0
GithubExploit
GithubExploit
added 2025/03/29 10:19 p.m.653 views

Exploit for CVE-2023-46988

ONLYOFFICE Path Traversal Exploit CVE-2023-46988 📌 Overv...

6.7CVSS6.5AI score0.00498EPSS
Exploits2
Rows per page
Query Builder