Lucene search
+L

323 matches found

Vulnrichment
Vulnrichment
added 2024/09/16 3:42 p.m.25 views

CVE-2024-8752 WebIQ 2.15.9 Runtime on Windows - Directory Traversal Vulnerability

The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system...

9.3CVSS6.9AI score0.11666EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.229 views

ClanSphere 2011.3 Local File Inclusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ClanSphere 2011.3 Local File Inclusion Vulnerability', 'Description' = %q This module exploits a directory traversal flaw found in Clansphere...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/07/28 12:0 a.m.5 views

PT-2024-41481 · Ооо 'Ред Софт' · Ред База Данных

Уязвимость функции evlReadFile в модуле SysFunction.cpp системы управления базами данных «Ред База Данных» связана с механизмом доступа к файловым блобам, настроенным в конфигурационном файле directories.conf. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить...

6.3CVSS7.3AI score
Exploits0References2
CNNVD
CNNVD
added 2024/07/26 12:0 a.m.6 views

streamlit-geospatial 代码问题漏洞

streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A code issue vulnerability exists in streamlit-geospatial that stems from pages/9? The url variable in VectorDataVisualization.py accepts user input, which is then passed...

9.8CVSS7AI score0.00786EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/07/26 12:0 a.m.6 views

PT-2024-29276

Name of the Vulnerable Software and Affected Versions streamlit-geospatial versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489 Description The issue arises from the url variable in the pages/9 🔲 Vector Data Visualization.py file, which takes user input. This input is then passed to...

9.8CVSS6.7AI score0.00786EPSS
Exploits1References8
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.4 views

ifm electronic Smart PLC AC14xx and Smart PLC AC4xxS Operating System Command Injection Vulnerability

The ifm electronic Smart PLC AC14xx and ifm electronic Smart PLC AC4xxS are a series of hosts/gateways from ifm electronic Germany. An operating system command injection vulnerability exists in the ifm electronic Smart PLC AC14xx and Smart PLC AC4xxS versions 4.3.17 and earlier, which originates...

7.2CVSS7.4AI score0.00766EPSS
Exploits0References2
OSV
OSV
added 2024/06/27 9:32 p.m.40 views

GHSA-9CHM-M6X2-6FVC lollms vulnerable to path traversal due to unauthenticated root folder settings change

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...

8.6CVSS8.7AI score0.00644EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2024/06/27 6:54 a.m.91 views

CVE-2024-22232

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...

7.7CVSS7.4AI score0.0083EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:15 a.m.6 views

CVE-2023-39495

PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that t...

5.5CVSS5.7AI score0.00357EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2024/04/30 10:3 a.m.5 views

exfatprogs: exfatprogs allows out-of-bounds memory access

A flaw was found in Exfatprogs, a userspace utility that contains all of the standard utilities for creating, fixing, and debugging the exfat filesystem in the linux system.This issue may allow out-of-bounds memory access such as in readfiledentryset. To exploit this vulnerability, the attacker...

5.5CVSS5.7AI score0.00381EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/04/29 12:0 a.m.4 views

PT-2024-40710 · Git +1 · Mosquitto

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow issue is reported, which can cause a crash. The crash occurs during specific function calls, including config add listener, config...

7.5AI score
Exploits0References2
OSV
OSV
added 2024/04/26 3:15 p.m.6 views

CVE-2023-41291

A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version:...

4.9CVSS5.7AI score0.00446EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/26 12:0 a.m.5 views

QNAP Systems QuFirewall 路径遍历漏洞

QNAP Systems QuFirewall is a built-in firewall application for QNAP devices from China Weilian Technology QNAP Systems. A path traversal vulnerability exists in QNAP Systems QuFirewall 2.4.1 and prior versions, which originates from a vulnerability that allows an authenticated administrator to re...

4.9CVSS6.5AI score0.0046EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/19 12:0 a.m.10 views

PT-2024-5124

Name of the Vulnerable Software and Affected Versions: Node.js versions 20 through 21 Description: A flaw in the experimental permission model of Node.js allows malicious actors to retrieve stats from files they do not have explicit read access to when the --allow-fs-read flag is used. This issue...

2.9CVSS6.6AI score0.00458EPSS
Exploits0References270
Vulnrichment
Vulnrichment
added 2024/04/04 2:29 p.m.13 views

CVE-2024-3250

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,...

6.5CVSS6.8AI score0.00201EPSS
Exploits0References2
CVE
CVE
added 2024/04/04 2:29 p.m.89 views

CVE-2024-3250

CVE-2024-3250 affects Canonical’s Pebble service manager. The issue arises from the read-file API used by the pebble pull command, which, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble ran as root. This could enable access to sensitive ...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/03/09 12:15 a.m.21 views

CVE-2024-28753

RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request...

6.5CVSS6.5AI score0.00689EPSS
Exploits1References1
OSV
OSV
added 2023/12/26 12:15 p.m.4 views

CVE-2023-50968

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes th...

7.5CVSS5.7AI score0.63373EPSS
Exploits0References6
OSV
OSV
added 2023/12/01 11:6 a.m.3 views

OESA-2023-1869 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: GNU gdb GDB 13.0.50.20220805-git was discovered to contain a heap use after free via the function...

5.5CVSS7.8AI score0.00238EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.6 views

Apache Cocoon 代码问题漏洞

Apache Cocoon is the United States Apache Apache Foundation of a component-based Web development concepts built Web application framework. Apache Cocoon suffers from an XML External Entity Injection vulnerability that arises from a network system or product that does not have the correct filters ...

9.8CVSS7AI score0.01292EPSS
Exploits0References2
Rows per page
Query Builder