ASG technologies ASG-Zena Cross Platform Server Enterprise Edition Code Issue Vulnerability
ASG technologies ASG-Zena Cross Platform Server Enterprise Edition is a modern multi-platform workload automation solution from ASG technologies, Inc. An XML external entity injection vulnerability exists in ASG technologies ASG-Zena Cross Platform Server Enterprise Edition version 4.2.1, which...
GHSA-WV7G-XHVW-8HCP Apache Struts directory traversal vulnerability
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1...
GHSA-X8Q8-4HP5-463W Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors...
Improper Restriction of XML External Entity Reference in Apache POI
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
Moodle Arbitrary File Read via XML External Entity vulnerability
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity...
CVE-2021-30497
Ivanti Avalanche Premise 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive...
PTC Axeda agent Access Control Error Vulnerability
PTC Axeda agent is an agent software from PTC. An access control error vulnerability exists in the PTC Axeda agent that could allow an unauthenticated, remote attacker to gain file system read privileges via a web server...
CVE-2022-23409
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php...
VulnCheck KEV: CVE-2015-7254
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI...
CVE-2021-37734
A remote unauthorized read access to files vulnerability was discovered in Aruba Instant versions: 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 a...
PT-2021-7668 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier Description: The issue is caused by improper input validation, which could result in arbitrary file system read. Exploitation of this issue does not require user...
Exploit for Path Traversal in Atlassian Jira_Data_Center
CVE-2021-26086 Atlassian Jira Server/Data Center 8.4.0 - Limit...
Atlassian Jira Server/Data Center 8.4.0 File Read
Exploit Title: Atlassian Jira Server/Data Center 8.4.0 - Limited Remote File Read/Include Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤...
Apache Jena Code Issue Vulnerability
Apache Jena is a Java Semantic Web framework from the Apache Foundation (United States), used to build Semantic Web and linked data applications. Apache Jena versions prior to 4.1.0 contain an XML external entity injection vulnerability; the vulnerability stems from the network system or...
Exploit for CVE-2020-1938
This is a proof-of-concept (PoC) exploit for CVE-2020-1938, a vulnerability in Apache Tomcat's AJP protocol. The exploit is written in Python and utilizes the ajpy library to interact with the AJP protocol. The exploit targets the Local File Inclusion (LFI) vulnerability in Tomcat, allowing an attack...
Limited Remote File Read in Jira Software Server - CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...
CVE-2015-2073
The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682...
CVE-2015-2073
The CVE-2015-2073 vulnerability affects SAP BusinessObjects Edge 4.0, specifically the File Repository Server (FRS) CORBA listener, which allows remote read access to arbitrary files via a full pathname. Root cause: unauthorized file read through CORBA interface without authentication; attacker n...
Atlassian Confluence Server Security Vulnerability
Atlassian Confluence Server is the server version of a suite of collaboration software from Atlassian (Australia) with enterprise knowledge management capabilities and support for building enterprise wikis. A security vulnerability exists in Atlassian Confluence Server that allows remote attackers t...
CVE-2021-29085
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors...