Lucene search
K

1222 matches found

OSV
OSV
added 2014/07/22 2:55 p.m.4 views

UBUNTU-CVE-2014-5020

The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field...

4.9CVSS6.3AI score0.01323EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/07/16 6:12 p.m.8 views

PicketLink: XXE via insecure DocumentBuilderFactory usage

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...

7.5CVSS5.7AI score0.03857EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/07/16 6:12 p.m.6 views

PicketLink: XXE via insecure DocumentBuilderFactory usage

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...

7.5CVSS5.7AI score0.03857EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

yawcam 0.2.5 - Directory Traversal vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13295/info Yawcam is prone to a directory traversal vulnerability that could allow attackers to read files outside the Web root. GET ................\windows\system.ini HTTP/1.0 GET...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.38 views

Taboada Macronews <= 1.0 - SQLi Exploit

No description provided by source. ?php / Exploit Title: Taboada Macronews = 1.0 SQLi Exploit Date: 03rd January 2013 Exploit Author: WhiteCollarGroup Software Link: http://www.scriptbrasil.com.br/download/codigo/7144/ Version: 1.0 Google Dork: intext:Powered by: joaotaboada.com Usage: php...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

simple web-server 1.2 - Directory Traversal

No description provided by source. ------------------------------------------------------------------------ Software................Simple web-server 1.2 Vulnerability...........Directory Traversal Threat Level............Serious 3/5 Download................http://www.storecalc.com Discovery...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/05/15 12:0 a.m.278 views

ElasticSearch Remote Code Execution Exploit

Exploit for multiple platform in category web applications body padding-top: 50px; .starter-template padding: 40px 15px; text-align: center; function esinject var readfile; var writefile; readfile = functionfilename return "import java.util.;\nimport java.io.;\nnew Scannernew File"" + filename +...

6.8CVSS6.4AI score0.88559EPSS
Exploits17
OSV
OSV
added 2014/05/08 2:29 p.m.5 views

UBUNTU-CVE-2013-6889

GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option...

4.9CVSS5.9AI score0.00478EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2014/05/07 12:0 a.m.6 views

PT-2014-4538 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: The issue allows remote authenticated users to read files by sending a crafted URL to the HTTP server, potentially accessing sensitive information suc...

6.8CVSS5.8AI score0.01123EPSS
Exploits0References3
OSV
OSV
added 2014/04/02 4:17 p.m.5 views

UBUNTU-CVE-2014-1297

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access...

5CVSS7.4AI score0.01792EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2014/03/06 12:0 a.m.7 views

PT-2014-4357 · Videowhisper · Videowhisper Live Streaming Integration

Name of the Vulnerable Software and Affected Versions: VideoWhisper Live Streaming Integration plugin versions prior to 4.29.5 Description: The issue allows remote attackers to read or delete arbitrary files due to directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration...

6.4CVSS7.5AI score0.1093EPSS
Exploits6References7
Cvelist
Cvelist
added 2013/12/10 2:0 a.m.22 views

CVE-2013-6708

Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889...

6.6AI score0.03023EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2013/10/30 10:55 a.m.3 views

CVE-2013-5598

PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object...

8.3CVSS6AI score0.02937EPSS
Exploits0References7
Cvelist
Cvelist
added 2013/08/27 1:0 a.m.28 views

CVE-2013-2988

Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence BI 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2978...

5.8AI score0.01656EPSS
Exploits0References2
OSV
OSV
added 2013/08/21 4:55 p.m.11 views

UBUNTU-CVE-2013-4701

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...

7.5CVSS5.8AI score0.02997EPSS
Exploits1References5
Prion
Prion
added 2013/08/09 11:55 p.m.11 views

Xxe

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an...

6.9CVSS7.4AI score0.00732EPSS
Exploits0References2Affected Software3
ATTACKERKB
ATTACKERKB
added 2013/06/01 2:21 p.m.4 views

CVE-2013-0136

Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service file deletion or renaming via 1 the uploadPath parameter...

8.5CVSS6AI score0.40338EPSS
Exploits8References5
UbuntuCve
UbuntuCve
added 2013/02/13 5:55 p.m.26 views

CVE-2012-3363

ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...

9.1CVSS7.3AI score0.50248EPSS
Exploits1References3
OSV
OSV
added 2012/11/20 12:55 a.m.3 views

DEBIAN-CVE-2012-4510

cups-pk-helper before 0.2.3 does not properly wrap the 1 cupsGetFile and 2 cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources...

5.8CVSS6.9AI score0.01221EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2012/09/25 8:55 p.m.29 views

CVE-2012-3324

Directory traversal vulnerability in the UTLFILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field...

9CVSS7.3AI score0.03565EPSS
Exploits0References4
Rows per page
Query Builder