Lucene search
K

100 matches found

PyPA
PyPA
added 2019/07/18 5:15 p.m.6 views

PYSEC-2019-184

Ladon since 0.6.1 since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059 is affected by: XML External Entity XXE. The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance:...

9.8CVSS6.9AI score0.05711EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2019/06/11 12:0 a.m.3 views

Rancher Labs Rancher Command Injection Vulnerability

Rancher Labs Rancher is the United States Rancher Labs, Inc. of a set of open source enterprise-class container management platform. A command injection vulnerability exists in Rancher Labs Rancher. An attacker can exploit this vulnerability to read files or execute arbitrary commands...

8.8CVSS7.9AI score0.02013EPSS
Exploits0References1
OSV
OSV
added 2019/06/05 6:29 p.m.7 views

UBUNTU-CVE-2019-9187

ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs...

7.5CVSS7.1AI score0.01699EPSS
Exploits0References8
Kitploit
Kitploit
added 2019/03/20 12:11 p.m.153 views

Remot3d v2.0 - Tool Created For Large Pentesters As Well As Just For The Pleasure Of Defacers To Control Server By Backdoors

Remot3d - A tool made to generate backdoor to control and exploit a server where the server runs the PHP Hypertext Preprocessor program. Equipped with a backdoor that has been Obfuscated which means that 100% FUD FULLY UNDETECTABLE in other words can penetrate the firewall of a server because of...

7.4AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2019/01/16 12:0 a.m.7 views

PT-2019-18094 · Es · Es File Explorer File Manager

Name of the Vulnerable Software and Affected Versions: ES File Explorer File Manager versions through 4.1.9.7.4 Description: The issue allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after t...

8.1CVSS7.9AI score0.6202EPSS
Exploits8References8
Cvelist
Cvelist
added 2019/01/08 11:0 p.m.19 views

CVE-2019-5725

qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file...

7.5AI score0.01493EPSS
Exploits1References1
Prion
Prion
added 2018/05/29 8:29 p.m.16 views

Path traversal

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL...

5CVSS9.4AI score0.02274EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2018/02/28 12:0 a.m.4 views

Medtronic 2090 Carelink Programmer Directory Traversal Vulnerability

The Medtronic 2090 Carelink Programmer is used by trained personnel in hospitals and clinics to program and manage Medtronic cardiac devices. The software deployment network for the affected product contains a directory traversal vulnerability that could allow an attacker to read files on the...

5.7CVSS6.8AI score0.00739EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/02/09 11:29 p.m.20 views

CVE-2018-1000028

Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server nfsd that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS...

7.4CVSS6.8AI score0.01411EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/06 12:0 a.m.3 views

McAfee Network Data Loss Prevention server Man-in-the-Middle Attack Vulnerability

McAfee Network Data Loss Prevention NDLP is a suite of network data loss prevention software from McAfee, Inc. in the United States. The software prevents unintentional or malicious disclosure of customer data, employee information and intellectual property information, as well as unauthorized...

5.9CVSS6.4AI score0.00991EPSS
Exploits0References1
OSV
OSV
added 2017/10/23 6:29 p.m.6 views

UBUNTU-CVE-2014-3744

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path...

7.5CVSS7.3AI score0.34012EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2017/10/17 12:0 a.m.5 views

The vulnerability in the web interface that provides access to the OpenText Documentum Webtop repository is related to incorrect restrictions on XML links to external objects. This allows attackers to read arbitrary files or cause service failures.

The vulnerability in the web interface that provides access to the OpenText Documentum Webtop repository is related to an improper limitation on XML references to external objects XML External Entity, XXE. Exploiting this vulnerability could allow a malicious actor to read arbitrary files remotel...

5.5CVSS7.8AI score0.01376EPSS
Exploits3References3Affected Software1
CNVD
CNVD
added 2017/08/03 12:0 a.m.4 views

IBM Sterling B2B Integrator XML External Entity Injection Vulnerability

IBM Sterling B2B Integrator and IBM Sterling File Gateway are both products of IBM Corporation, U.S.A. IBM Sterling B2B Integrator is a suite of software that integrates B2B processes, transactions, and relationships across different partner communities.IBM Sterling IBM Sterling File Gateway is a...

6.5CVSS7.2AI score0.01408EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/30 12:0 a.m.3 views

Kaspersky Anti-Virus for Linux File Server Path Traversal Vulnerability

Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A path traversal vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability allows an attacker to read arbitrary files with...

7.5CVSS6.7AI score0.11265EPSS
Exploits5References1
BDU FSTEC
BDU FSTEC
added 2016/02/08 12:0 a.m.10 views

The vulnerability of the Cisco Firepower Extensible Operating System allows a hacker to read arbitrary files.

The vulnerability of the Cisco Firepower Extensible Operating System is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to read arbitrary files through a parameter transmitted using pre-prepared executable code...

4CVSS5.6AI score0.00966EPSS
Exploits0References2
0day.today
0day.today
added 2015/11/21 12:0 a.m.18 views

Traffic CMS 1.4.x Local File Inclusion Vulnerability

Traffic CMS version 1.4.x suffers from a local file inclusion vulnerability. Traffic CMS v1.4.x = Local File Inclusion Vulnerability My + Author : KnocKout Contact : email protected HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com Þeker Insanlar : ZoRLu, milw00rm.com , Septemb0x ,...

6.8AI score
Exploits0
CNVD
CNVD
added 2015/09/09 12:0 a.m.2 views

NEOJAPAN desknet NEO Directory Traversal Vulnerability

NEOJAPAN desknet NEO is Japan's NEOJAPAN company a Web application framework. A directory traversal vulnerability exists in NEOJAPAN desknet NEO versions 2.0R1.0 through 2.5R1.4. A remote attacker can exploit this vulnerability to read arbitrary files with specially crafted parameters...

4CVSS6.9AI score0.01557EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.288 views

MinaliC Webserver 1.0 - Directory Traversal Vulnerability

No description provided by source. ------------------------------------------------------------------------ Software................MinaliC Webserver 1.0 Vulnerability...........Directory Traversal Download................http://sourceforge.net/projects/minalic/ Release Date............10/24/2010...

7.1AI score
Exploits0
Prion
Prion
added 2014/06/04 2:55 p.m.20 views

Design/Logic Flaw

ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts...

4CVSS6.6AI score0.01011EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2014/04/14 1:46 p.m.7 views

Framework: XML External Entity (XXE) injection flaw

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS7.5AI score0.90455EPSS
Exploits0References5
Rows per page
Query Builder