9 matches found
CVE-2026-34401
XML Notepad is affected by an XXE flaw in which DTD processing was not disabled by default prior to version 2.9.0.21, allowing external entities to be resolved. The issue could cause the application to make outbound HTTP/SMB requests and potentially leak local file contents or NTLM credentials. T...
GHSA-2CPP-J2FC-QHP7 AWS API MCP File Access Restriction Bypass
Description The AWS API MCP Server is an open source Model Context Protocol MCP server that enables AI assistants to interact with AWS services and resources through AWS CLI commands. It provides programmatic access to manage your AWS infrastructure while maintaining proper security controls. Thi...
Advantech R-SeeNet 安全漏洞
Advantech R-SeeNet is an industrial monitoring software from Advantech, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms. A security vulnerability exists in Advantech R-SeeNet version 2.4.22, which allows a low-level user ...
CVE-2019-12154
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions...
UBUNTU-CVE-2018-19968
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has...
The vulnerabilities of browsers Internet Explorer and Microsoft Edge allow attackers to access the content of local files.
The vulnerability of browsers Internet Explorer and Microsoft Edge is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to access the content of local files remotely...
Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)
An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file...
Safari < 6.0.1 Multiple Vulnerabilities
Binary data 6582.prm...
SugarCRM Community Edition 4.5.1/5.0.0 - File Disclosure
Name SugarCRM – Local File Disclosure SugarCRM http://www.sugarcrm.com/docs/ReleaseNotes/OpenSourceReleaseNotes4.5.1j/ Advisories SugarReleaseNotes4.5.1j.2.6.html Bug 20522 http://dl.sugarforge.org/sugarcrm/SugarCE5.0Latest/SugarCE5.0.0/ SugarCommunityEditionReleaseNotes5.0c.pdf Bug 20342 Date...