GHSA-RX76-XW35-6RH8 Apache Linkis vulnerable to Exposure of Sensitive Information
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local files by connecting to a rogue MySQL server, by setting allowLoadLocalInfile to true in the JDBC parameters. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of...
CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting to a rogue MySQL server, by setting allowLoadLocalInfile to true in the JDBC parameters. Therefore, the parameters in the JDBC URL should be...
Mozilla: Arbitrary file read from GTK drag and drop on Linux
The Mozilla Foundation Security Advisory describes this flaw as: Due to the Firefox GTK wrapper code's use of text/plain for drag data, and GTK treating all text/plain MIMEs containing file URLs as files being dragged, a website could arbitrarily read a file via a call to DataTransfer.setData...
PT-2023-33052 · Unknown · Requesthandlercomponent
Name of the Vulnerable Software and Affected Versions: RequestHandlerComponent, affected versions not specified. Description: The issue allows well-crafted requests to create a denial of service attack. It is related to the use of Xml::build, which enables reading local files. Recommendations: For...
PT-2022-24575 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: Zkteco BioTime versions prior to 8.5.3 Build:20200816.447. Description: The issue is related to Incorrect Access Control, allowing an authenticated administrator to exploit XSS in a PDF generator when exporting data as a PDF, potentially...
PYSEC-2022-264
mangadex-downloader is a command-line tool to download manga from MangaDex. When using the file: command and the file is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file on the local disk for each line of the website contents. Version 1.7.2 contains...
CVE-2022-34254
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A lo...
DEBIAN-CVE-2020-21365
Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted HTML file when running with the default configuration...
Multiple vulnerabilities in untangle
Overview: untangle, provided by Christian Stefanescu, is a Python library for processing XML documents. untangle contains multiple vulnerabilities, listed below. Improper Restriction of Recursive Entity References in DTDs (CWE-776) - CVE-2022-33977; Improper Restriction of XML External Entity Reference...
CVE-2022-31202
The export function in SoftGuard Web SGW before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl...
CVE-2020-4138
IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049...
CVE-2020-4138
IBM SiteProtector Appliance 3.1.1 is affected by CVE-2020-4138, which allows web pages to be stored locally and read by another user on the same system. The issue is documented in NVD and IBM's security bulletin; affected product/version is IBM SiteProtector system 3.1.1. Remediation: apply the e...
Security Bulletin: IBM Security SiteProtector System is affected by multiple vulnerabilities
Summary: IBM Security SiteProtector System has addressed the following vulnerabilities in a Core XPU. Vulnerability Details: CVEID: CVE-2020-4150. DESCRIPTION: IBM SiteProtector Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound...
U.S. Dept Of Defense: Local File Read vulnerability on ██████████ [HtUS]
Kindly check screenshot ███████ in case of a scope question, because I picked this site from the DoD website list under 'dod sites'. Let's move on to the bug now. Summary: Local File Include vulnerability on ███. Oracle EBS Bispgraph is prone to a directory traversal vulnerability that can be exploit...
Access Restriction Bypass
Overview: ruby-mysql is a MySQL connector (pure Ruby version). Affected versions of this package are vulnerable to Access Restriction Bypass. A malicious MySQL server can request local file content from a client using without explicit authorization from the user. Remediation: Upgrade ruby-mysql to...