Linux Distros Unpatched Vulnerability : CVE-2014-3242
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity...
The vulnerability in the QAnything AI-based question-answering system lies in an improper limitation of a pathname to a restricted directory (path traversal). This allows attackers to read arbitrary files or execute arbitrary code.
The vulnerability in the QAnything AI-based question-answering system is related to an improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary files or execute arbitrary code remotely...
SFTPGo operating system command injection vulnerability
SFTPGo is a full-featured and highly configurable SFTP server from the individual developer Nicola Murino in Italy. SFTPGo suffers from an operating system command injection vulnerability that stems from insufficient sanitization of the rsync command, allowing remote users to read or write files...
CVE-2024-31220
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface...
Synology Media Server security vulnerability
Synology Media Server is a media server from China-based Synology Inc. A security vulnerability exists in Synology Media Server for DSM version 7.2, version 7.1, and Synology Media Server for SRM version 1.3, which stems from an authorization bypass vulnerability via user-controlled key, which...
VulnCheck KEV: CVE-2008-6668
Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) varfilename parameter to viewrq.php...
VulnCheck KEV: CVE-2015-4074
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.downloadattachment task...
The vulnerability in the Magento Open Source and Adobe Commerce platforms for developing and managing online stores lies in an improper limitation of a pathname to a restricted directory. This allows attackers to read arbitrary files.
The vulnerability in the Magento Open Source and Adobe Commerce platforms for developing and managing online stores is related to an improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...
Riverbed SteelHead VCX File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Riverbed SteelHead VCX File Read', 'Description' = %q This module exploits an authenticated arbitrary file read in the log module's filter engine...
Ruby On Rails File Content Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Ruby On Rails File Content Disclosure 'doubletap'", 'Description' = %q This module uses a path traversal vulnerability in Ruby on Rails versions ...
SAP Internet Graphics Server (IGS) XMLCHART XXE
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Internet Graphics Server IGS XMLCHART XXE', 'Description' = %q This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities...
The vulnerability in the Splunk Web platform for operational analysis in Splunk Enterprise allows an attacker to read arbitrary files.
The vulnerability in the Splunk Web platform for operational analysis in Splunk Enterprise relates to an improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary files remotely...
PT-2024-4220 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2023u7, 2021u13 and earlier Description: The issue is related to improper access control, which could result in arbitrary file system read. An attacker could exploit this to gain unauthorized access to sensitive files or...
PT-2024-4722 · Unknown · Сервис Обновлений
Name of the Vulnerable Software and Affected Versions: Сервис обновлений, affected versions not specified Description: The issue is related to the WSDL request handler in the "Сервис обновлений" software, which is associated with an improper limitation of a pathname to a restricted directory. This could allow a...
PT-2024-25946 · Achecker · Achecker
Name of the Vulnerable Software and Affected Versions: AChecker version 1.5 Description: The issue allows remote attackers to read the contents of arbitrary files via the "download.php" path parameter by using Unauthenticated Path Traversal. This occurs through the readfile function in PHP. It is...
CVE-2024-31220
Sunshine (Moonlight’s self-hosted game stream host) is affected by a path-traversal bug that allows remote reading of arbitrary files without authentication in versions 0.16.0 through 0.17.x. An attacker could trigger the issue by sending an HTTP/S request to the node_modules endpoint if the Suns...
PT-2024-23862 · Sunshine · Sunshine
Name of the Vulnerable Software and Affected Versions: Sunshine versions 0.16.0 through 0.17.x Description: Sunshine is a self-hosted game stream host for Moonlight. An attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who...
The vulnerability in the out-of-band connection function of the Cisco Nexus Dashboard Fabric Controller (NDFC) allows an attacker to read arbitrary files on the server.
The vulnerability in the out-of-band connection function of the Cisco Nexus Dashboard Fabric Controller (NDFC) exists due to an improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary files on the server...
GHSA-CFPH-4QQH-W828 Arbitrary remote file read in Wrangler dev server
Impact Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any...
CVE-2023-7079 Arbitrary remote file read in Wrangler dev server
Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file...