699 matches found
Aiven Ltd: Zero day path traversal vulnerability in Grafana 8.x allows unauthenticated arbitrary local file read
Summary: Hi team, I've found a path traversal issue in the Grafana instances hosted on the Aiven platforms. With the path traversal it's possible for an unauthenticated user to read arbitrary files on the server. Steps To Reproduce: 1. Login at https://console.aiven.io 1. Create a new Grafana...
CVE-2020-4805
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539...
CVE-2021-30201
The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed external entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type:...
BloofoxCms 路径遍历漏洞
bloofoxCMS is a free open source PHP + MySQL based Web content management system . A path traversal vulnerability exists in the fileurl parameter in bloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability to read local files...
CVE-2021-20396
IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009...
SUSE: Security Advisory (SUSE-SU-2016:1275-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CommScope Ruckus IoT Controller 缓冲区错误漏洞
The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A buffer error vulnerability exists in the node-red...
CVE-2021-20391
CVE-2021-20391 affects IBM QRadar User Behavior Analytics (QRadar UBA) add-on for QRadar SIEM, with versions 1.0.0–4.1.0 vulnerable to an information-disclosure issue where web pages can be stored locally and read by other users on the same system. The IBM Security Bulletin (E2FDAB2D4F6B1859F199A...
Injection and Cross-site Scripting in osm-static-maps
This affects all versions of package osm-static-maps under 3.9.0. User input given to the package is passed directly to a template without escaping ... . As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the...
GHSA-PXCF-V868-M492 Injection and Cross-site Scripting in osm-static-maps
This affects all versions of package osm-static-maps under 3.9.0. User input given to the package is passed directly to a template without escaping ... . As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the...
DEBIAN-CVE-2021-31863
Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process...
About the security content of Security Update 2021-003 Mojave
About the security content of Security Update 2021-003 Mojave This document describes the security content of Security Update 2021-003 Mojave. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurre...
Hasura GraphQL 1.3.3 - Local File Read Exploit
Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPORT = 80 READFILE ...
Hasura GraphQL 1.3.3 Arbitrary File Read
Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19./2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPO...
Hasura GraphQL 1.3.3 - Local File Read
Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19./2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPO...
SUSE: Security Advisory (SUSE-SU-2016:1260-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files...
CVE-2021-27931
LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...
CVE-2020-4726
The IBM Application Performance Monitoring UI IBM Cloud APM 8.1.4 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975...
About the security content of iOS 14.4 and iPadOS 14.4 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...