100 matches found
Adobe Photoshop 缓冲区错误漏洞
Adobe Photoshop is an application developed and distributed by Adobe for image processing. Adobe Photoshop is vulnerable to a buffer overflow vulnerability that could lead to the execution of arbitrary code in the context of the current user. An attacker could exploit the vulnerability to read...
CVE-2021-3856
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...
CVE-2022-27620
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors...
Design/Logic Flaw
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verifyurl option is disabled. This vulnerability is exploited via a crafted URL...
GHSA-2C65-RQ62-FQHQ Path traversal in Gitblit
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ e.g., followed by a WEB-INF or META-INF pathname...
Umbraco CMS XXE Vulnerability
XML external entity XXE vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts aka SSRF, related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs...
GHSA-V8Q2-94F6-6XQ2 Improper Input Validation in Apache CXF
Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send...
Jenkins Kubernetes Continuous Deploy Plugin 路径遍历漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins Kubernetes Continuous Deploy...
Online Traffic Offense Management System 1.0 - Privilage escalation (Unauthenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - Privilage escalation Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
Sonatype Nexus Repository Manager IQ 路径遍历漏洞
Sonatype Nexus Repository Manager IQ is a Sonatype open source application. The policy management and component intelligence features for IQ Server are integrated with the agent repository in Nexus Repository Manager Pro. A security vulnerability exists in Sonatype Nexus Repository Manager IQ. An...
Discord Recon Server 参数注入漏洞
Discord Recon Server is an AI bot from Discord USA. Discord-Recon suffers from a parameter injection vulnerability that can be exploited by an attacker to read internal files from the system and write the files to the system, leading to remote code execution...
CVE-2020-13449
A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files...
CVE-2020-16919
An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files. An attacker with unprivileged access to a vulnerable system could...
PT-2020-15523 · Jenkins · Jenkins Persona Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Persona Plugin versions 2.4 and earlier Description: The issue allows users with Overall/Read permission to read arbitrary files on the Jenkins controller. Recommendations: For Jenkins Persona Plugin versions 2.4 and earlier, update t...
Directory traversal
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Workhorse bypass allows files in /tmp to be read via Maven Repository APIs...
dotCMS code problem vulnerability
dotCMS is a content management system CMS from the United States dotCMS. The system supports RSS feeds , blogs , forums and other modules , and is easy to extend and build features . A code issue vulnerability exists in dotCMS versions prior to 5.2.4 that stems from faulty access control. An...
CVE-2020-8996
AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI...
Simple Machines Forum File Disclosure Vulnerability
Simple Machines Forum SMF is an open source web forum system by the SMF team in the United States. A file disclosure vulnerability exists in SMF 2.0.3. and earlier versions, which can be exploited to read arbitrary files on the file system and gain new privileges by reading the settings.php file...
Directory Traversal
iobroker.admin is vulnerable to directory traversal. The vulnerability exists as it allows reading of files that exists outside the public folder by adding %2e%2e/ in the requested file path...