Lucene search
K

100 matches found

CNNVD
CNNVD
added 2022/09/16 12:0 a.m.4 views

Adobe Photoshop 缓冲区错误漏洞

Adobe Photoshop is an application developed and distributed by Adobe for image processing. Adobe Photoshop is vulnerable to a buffer overflow vulnerability that could lead to the execution of arbitrary code in the context of the current user. An attacker could exploit the vulnerability to read...

7.8CVSS7.5AI score0.00483EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/08/26 3:25 p.m.46 views

CVE-2021-3856

ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...

4.9AI score0.00897EPSS
Exploits0References5
OSV
OSV
added 2022/08/03 3:15 a.m.5 views

CVE-2022-27620

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors...

4.9CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2022/06/02 8:15 p.m.17 views

Design/Logic Flaw

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verifyurl option is disabled. This vulnerability is exploited via a crafted URL...

4.9CVSS9AI score0.0104EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/22 12:0 a.m.39 views

GHSA-2C65-RQ62-FQHQ Path traversal in Gitblit

A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ e.g., followed by a WEB-INF or META-INF pathname...

7.5CVSS7.3AI score0.09601EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/05/17 12:30 a.m.27 views

Umbraco CMS XXE Vulnerability

XML external entity XXE vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts aka SSRF, related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs...

5.5CVSS6.5AI score0.0106EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/13 1:9 a.m.2 views

GHSA-V8Q2-94F6-6XQ2 Improper Input Validation in Apache CXF

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send...

9.8CVSS7.3AI score0.09788EPSS
Exploits1References15
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.4 views

Jenkins Kubernetes Continuous Deploy Plugin 路径遍历漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins Kubernetes Continuous Deploy...

6.5CVSS5.9AI score0.01764EPSS
Exploits0References6
Exploit DB
Exploit DB
added 2021/10/08 12:0 a.m.258 views

Online Traffic Offense Management System 1.0 - Privilage escalation (Unauthenticated)

Exploit Title: Online Traffic Offense Management System 1.0 - Privilage escalation Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2021/04/22 12:0 a.m.4 views

Sonatype Nexus Repository Manager IQ 路径遍历漏洞

Sonatype Nexus Repository Manager IQ is a Sonatype open source application. The policy management and component intelligence features for IQ Server are integrated with the agent repository in Nexus Repository Manager Pro. A security vulnerability exists in Sonatype Nexus Repository Manager IQ. An...

5.3CVSS5.7AI score0.01842EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/04/20 12:0 a.m.4 views

Discord Recon Server 参数注入漏洞

Discord Recon Server is an AI bot from Discord USA. Discord-Recon suffers from a parameter injection vulnerability that can be exploited by an attacker to read internal files from the system and write the files to the system, leading to remote code execution...

9CVSS8.4AI score0.02476EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/01/07 9:17 p.m.32 views

CVE-2020-13449

A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files...

7.4AI score0.04936EPSS
Exploits2References2
OSV
OSV
added 2020/10/16 11:15 p.m.4 views

CVE-2020-16919

An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files. An attacker with unprivileged access to a vulnerable system could...

5.5CVSS6.2AI score0.01233EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/10/08 12:0 a.m.4 views

PT-2020-15523 · Jenkins · Jenkins Persona Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Persona Plugin versions 2.4 and earlier Description: The issue allows users with Overall/Read permission to read arbitrary files on the Jenkins controller. Recommendations: For Jenkins Persona Plugin versions 2.4 and earlier, update t...

6.5CVSS6.3AI score0.0101EPSS
Exploits0References6
Prion
Prion
added 2020/09/11 3:15 a.m.17 views

Directory traversal

An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter...

5CVSS7.6AI score0.02099EPSS
Exploits0References3Affected Software1
FreeBSD
FreeBSD
added 2020/07/06 12:0 a.m.31 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Workhorse bypass allows files in /tmp to be read via Maven Repository APIs...

5.3CVSS3.9AI score0.01059EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/17 12:0 a.m.3 views

dotCMS code problem vulnerability

dotCMS is a content management system CMS from the United States dotCMS. The system supports RSS feeds , blogs , forums and other modules , and is easy to extend and build features . A code issue vulnerability exists in dotCMS versions prior to 5.2.4 that stems from faulty access control. An...

9.8CVSS7.1AI score0.948EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/02/16 5:6 p.m.17 views

CVE-2020-8996

AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI...

4.5AI score0.01065EPSS
Exploits1References1
CNVD
CNVD
added 2020/01/17 12:0 a.m.3 views

Simple Machines Forum File Disclosure Vulnerability

Simple Machines Forum SMF is an open source web forum system by the SMF team in the United States. A file disclosure vulnerability exists in SMF 2.0.3. and earlier versions, which can be exploited to read arbitrary files on the file system and gain new privileges by reading the settings.php file...

7.2CVSS6.7AI score0.01732EPSS
Exploits0References1
Veracode
Veracode
added 2019/11/28 1:53 a.m.11 views

Directory Traversal

iobroker.admin is vulnerable to directory traversal. The vulnerability exists as it allows reading of files that exists outside the public folder by adding %2e%2e/ in the requested file path...

3.8AI score
Exploits0
Rows per page
Query Builder