323 matches found
CVE-2024-8752 WebIQ 2.15.9 Runtime on Windows - Directory Traversal Vulnerability
The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system...
ClanSphere 2011.3 Local File Inclusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ClanSphere 2011.3 Local File Inclusion Vulnerability', 'Description' = %q This module exploits a directory traversal flaw found in Clansphere...
PT-2024-41481 · Ооо 'Ред Софт' · Ред База Данных
Уязвимость функции evlReadFile в модуле SysFunction.cpp системы управления базами данных «Ред База Данных» связана с механизмом доступа к файловым блобам, настроенным в конфигурационном файле directories.conf. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить...
streamlit-geospatial 代码问题漏洞
streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A code issue vulnerability exists in streamlit-geospatial that stems from pages/9? The url variable in VectorDataVisualization.py accepts user input, which is then passed...
PT-2024-29276
Name of the Vulnerable Software and Affected Versions streamlit-geospatial versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489 Description The issue arises from the url variable in the pages/9 🔲 Vector Data Visualization.py file, which takes user input. This input is then passed to...
ifm electronic Smart PLC AC14xx and Smart PLC AC4xxS Operating System Command Injection Vulnerability
The ifm electronic Smart PLC AC14xx and ifm electronic Smart PLC AC4xxS are a series of hosts/gateways from ifm electronic Germany. An operating system command injection vulnerability exists in the ifm electronic Smart PLC AC14xx and Smart PLC AC4xxS versions 4.3.17 and earlier, which originates...
GHSA-9CHM-M6X2-6FVC lollms vulnerable to path traversal due to unauthenticated root folder settings change
A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...
CVE-2024-22232
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...
CVE-2023-39495
PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that t...
exfatprogs: exfatprogs allows out-of-bounds memory access
A flaw was found in Exfatprogs, a userspace utility that contains all of the standard utilities for creating, fixing, and debugging the exfat filesystem in the linux system.This issue may allow out-of-bounds memory access such as in readfiledentryset. To exploit this vulnerability, the attacker...
PT-2024-40710 · Git +1 · Mosquitto
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow issue is reported, which can cause a crash. The crash occurs during specific function calls, including config add listener, config...
CVE-2023-41291
A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version:...
QNAP Systems QuFirewall 路径遍历漏洞
QNAP Systems QuFirewall is a built-in firewall application for QNAP devices from China Weilian Technology QNAP Systems. A path traversal vulnerability exists in QNAP Systems QuFirewall 2.4.1 and prior versions, which originates from a vulnerability that allows an authenticated administrator to re...
PT-2024-5124
Name of the Vulnerable Software and Affected Versions: Node.js versions 20 through 21 Description: A flaw in the experimental permission model of Node.js allows malicious actors to retrieve stats from files they do not have explicit read access to when the --allow-fs-read flag is used. This issue...
CVE-2024-3250
It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,...
CVE-2024-3250
CVE-2024-3250 affects Canonical’s Pebble service manager. The issue arises from the read-file API used by the pebble pull command, which, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble ran as root. This could enable access to sensitive ...
CVE-2024-28753
RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request...
CVE-2023-50968
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes th...
OESA-2023-1869 gdb security update
GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: GNU gdb GDB 13.0.50.20220805-git was discovered to contain a heap use after free via the function...
Apache Cocoon 代码问题漏洞
Apache Cocoon is the United States Apache Apache Foundation of a component-based Web development concepts built Web application framework. Apache Cocoon suffers from an XML External Entity Injection vulnerability that arises from a network system or product that does not have the correct filters ...