649 matches found
Jira Server/Data Center Limited Remote File Read (CVE-2021-26086)
Binary data jiracve-2021-26086.nbin...
GHSA-7X2G-4JVC-4X6P Directory Traversal in JFinalCMS
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter...
Systematica Radius Security Vulnerability
Systematica Radius is an application from Systematica, Inc. A security vulnerability exists in Systematica Radius v.3.9.256.777 and earlier versions, which stems from an absolute path traversal vulnerability that allows remote attackers to read arbitrary files...
CVE-2023-6252
Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files...
VulnCheck KEV: CVE-2022-31793
dorequest in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589,...
CVE-2023-46864
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request...
CVE-2023-46863
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request...
PT-2023-30061 · Opencrx · Opencrx
Name of the Vulnerable Software and Affected Versions: openCRX version 5.2.2 Description: An issue in openCRX allows a remote attacker to read internal files and execute server side request forgery attacks via insecure DocumentBuilderFactory. Additionally, it is possible for a remote attacker to...
CVE-2023-46502
An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server-side request forgery attacks via insecure DocumentBuilderFactory...
Peppermint Security Vulnerabilities
Peppermint is an open source ticket management system from Peppermint Labs. A security vulnerability exists in Peppermint Ticket Management versions prior to 0.2.4. A remote attacker could exploit this vulnerability by passing a /api/v1/users/file/download?filepath=./../ POST request to read...
CVE-2023-46315
The zanllp sd-webui-infinite-image-browsing aka Infinite Image Browsing extension before 977815a for stable-diffusion-webui aka Stable Diffusion web UI, if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL,...
PT-2023-29956 · Unknown · Sd-Webui-Infinite-Image-Browsing
Name of the Vulnerable Software and Affected Versions: sd-webui-infinite-image-browsing extension versions before 977815a Description: The issue allows remote attackers to read any local file via the "/file?path=" endpoint in the URL, as demonstrated by reading /proc/self/environ to discover...
CVE-2023-46315
The CVE-2023-46315 issue affects the sd-webui-infinite-image-browsing extension for stable-diffusion-webui up to version 977815a. If Gradio authentication is enabled without a secret key, an unauthenticated remote attacker can read local files via the /file?path= endpoint, with demonstrations inc...
CVE-2023-44962
File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...
CVE-2022-47892
All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file config.cgi containing sensitive information, like credentials...
CVE-2023-41740
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in cgi component in Synology Router Manager SRM before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors...
PT-2023-8890 · Ray · Ray
Name of the Vulnerable Software and Affected Versions: Ray affected versions not specified Description: The issue is related to incorrect restriction of a directory path with limited access in the Ray framework for scaling AI and Python applications. This can be exploited by a remote attacker to...
CVE-2021-4324
Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. Chromium security severity: Medium...
CVE-2023-2880
Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables a remote attacker to read all files on the filesystem of the FDS001 device...