699 matches found

CNNVD
added 2022/06/28 12:0 a.m. · 1 views

Ruby ruby-mysql Security Vulnerability

Ruby ruby-mysql is a pure Ruby version of the MySQL connector from the Ruby community. An access control error vulnerability exists in Ruby ruby-mysql Gem versions prior to 2.10.0, which stems from the fact that a malicious MySQL server can request local file content from a client without explicit...

6.5 CVSS · 5.5 AI score · 0.0039 EPSS
Exploits 1 · References 2
Positive Technologies
added 2022/06/27 12:0 a.m. · 2 views

PT-2022-15277 · Parse-Url · Url-Parse

Name of the Vulnerable Software and Affected Versions: parse-url versions prior to 7.0.0 Description: The issue is related to Server-Side Request Forgery (SSRF) in the parse-url repository. This allows for the exploitation of parse URL to read local files. Recommendations: For versions prior to...

9.8 CVSS · 8.9 AI score · 0.00318 EPSS
Exploits 1 · References 9
NVD
added 2022/06/24 5:15 p.m. · 11 views

CVE-2021-20551

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149...

4 CVSS · 0.00042 EPSS
Exploits 0 · References 2
Cvelist
added 2022/06/24 4:15 p.m. · 12 views

CVE-2021-20551

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149...

4 CVSS · 3.5 AI score · 0.00042 EPSS
Exploits 0 · References 2
CVE
added 2022/06/24 4:15 p.m. · 51 views

CVE-2021-20551

CVE-2021-20551 affects IBM Jazz Team Server versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2, where web pages can be stored locally and read by another user on the same system, causing information disclosure. The issue originates from local storage of sensitive content via browsers/cache as describ...

4 CVSS · 3.4 AI score · 0.00042 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/05/24 5:44 p.m. · 18 views

GHSA-R3RG-JRJQ-W4MR Grav CMS Local File Injection

The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection...

5.5 CVSS · 6.3 AI score · 0.04155 EPSS
Exploits 3 · References 3
ATTACKERKB
added 2022/05/24 3:15 p.m. · 1 views

CVE-2022-31261

An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker ca...

7.5 CVSS · 7.1 AI score · 0.00357 EPSS
Exploits 0 · References 3
RedhatCVE
added 2022/05/20 10:35 p.m. · 44 views

CVE-2020-8793

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c...

7.8 CVSS · 3.9 AI score · 0.00786 EPSS
Exploits 4 · References 1
Positive Technologies
added 2022/05/11 12:0 a.m. · 5 views

PT-2022-19871 · Ipswitch · Ipswitch Whatsup Gold

Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions 21.1.0 through 21.1.1 Ipswitch WhatsUp Gold version 22.0.0 Description: The issue allows an authenticated user to invoke an API transaction to read the contents of a local file. Recommendations: For Ipswitch...

6.5 CVSS · 6.8 AI score · 0.44387 EPSS
Exploits 1 · References 7
CNNVD
added 2022/05/11 12:0 a.m. · 2 views

Progress Software WhatsUp Gold Security Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions 21.1.0 throu...

6.5 CVSS · 6.5 AI score · 0.44387 EPSS
Exploits 1 · References 3
Exploit DB
added 2022/03/30 12:0 a.m. · 295 views

WordPress Plugin admin-word-count-column 2.2 - Local File Read

Exploit Title: WordPress Plugin admin-word-count-column 2.2 - Local File Read Google Dork: inurl:/wp-content/plugins/admin-word-count-column/ Date: 27-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/admin-word-count-column/ Version: 2.2...

7.4 AI score
Exploits 0
Exploit DB
added 2022/03/23 12:0 a.m. · 389 views

WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated

Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/ Date: 23-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/...

7.4 AI score
Exploits 0
0day.today
added 2022/03/23 12:0 a.m. · 260 views

WordPress amministrazione-aperta 3.7.3 Plugin - Local File Read - Unauthenticated Vulnerability

Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/ Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/ Version: 3.7.3...

0.3 AI score
Exploits 0
CNNVD
added 2022/03/01 12:0 a.m. · 2 views

Neo4j Path Traversal Vulnerability

Neo4j is a Java-based and fully ACID-compatible graph database from Neo4j, Inc. that supports data migration, add-ons, and more. A path traversal vulnerability exists in Neo4j Graph, which stems from a directory traversal vulnerability in the Apoc plugin in Neo4j Graph databases 4.0.0 through 4.3...

9.1 CVSS · 8.2 AI score · 0.00716 EPSS
Exploits 0 · References 3
CNNVD
added 2022/02/24 12:0 a.m. · 2 views

Cybonet PineApp Mail Secure Security Vulnerability

Cybonet PineApp Mail Secure is a product from Israel's Cybonet that blocks most malicious email threats at the network perimeter while providing a range of additional options for comprehensive security and message control. Cybonet PineApp Mail Secure Relay suffers from a security vulnerability that can b...

7.5 CVSS · 7.3 AI score · 0.00305 EPSS
Exploits 0 · References 2
OSV
added 2022/02/01 12:47 a.m. · 18 views

GHSA-RRP4-2XX3-MV29 Command injection in gh-ost

Gh-ost version = 1.1.2 allows users to inject DSN strings via the -database parameter. This is a low severity vulnerability as the attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from ho...

6.8 CVSS · 6.4 AI score · 0.00328 EPSS
Exploits 0 · References 4
Github Security Blog
added 2022/02/01 12:47 a.m. · 29 views

Command injection in gh-ost

Gh-ost version = 1.1.2 allows users to inject DSN strings via the -database parameter. This is a low severity vulnerability as the attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from ho...

6.8 CVSS · 3.1 AI score · 0.00328 EPSS
Exploits 0 · References 4 · Affected Software 1
ATTACKERKB
added 2022/01/07 9:59 p.m. · 3 views

CVE-2022-22701

PartKeepr versions up to v1.4.0 load attachments using a URL while creating a part and allow the use of the 'file://' URI scheme, allowing an authenticated user to read local files...

6.5 CVSS · 6.5 AI score · 0.00375 EPSS
Exploits 1 · References 3
Cvelist
added 2022/01/07 9:59 p.m. · 12 views

CVE-2022-22701

PartKeepr versions up to v1.4.0 load attachments using a URL while creating a part and allow the use of the 'file://' URI scheme, allowing an authenticated user to read local files...

6.4 AI score · 0.00375 EPSS
Exploits 1 · References 2
RedHat Linux
added 2021/12/14 9:31 p.m. · 4 views

poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing...

5.5 CVSS · 6.8 AI score · 0.00033 EPSS
Exploits 0 · References 4