649 matches found
CVE-2021-29084
Improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability in Security Advisor report management component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2021-32954
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system...
Directory traversal
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system...
PT-2021-7879 · Google +1 · Google Chrome +1
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 90.0.4430.93. Description: The issue is related to insufficient policy enforcement in the Google Update component of Google Chrome, allowing a remote attacker to read arbitrary files via a malicious file. This c...
CVE-2021-20023
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host...
VulnCheck KEV: CVE-2021-20023
SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation...
VulnCheck KEV: CVE-2016-3976
SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ dot dot backslash in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files...
CVE-2021-25158
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant...
CVE-2021-25157
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba...
Aruba Access Points Input Validation Error Vulnerability
Aruba Access Points is a wireless network from Aruba USA. It provides Internet access. A security vulnerability exists in Aruba Instant Access Points, which can be exploited by an attacker to remotely read arbitrary files. The following products and versions are affected: Aruba Instant 6.4.x:...
Aruba Access Points Race Condition Vulnerability
Aruba Access Points is a wireless network from Aruba USA. It provides Internet access. A security vulnerability exists in Aruba Instant Access Points, which can be exploited by an attacker to remotely read arbitrary files. The following products and versions are affected: Aruba Instant 6.5.x:...
USN-4848-1 mini-httpd vulnerability
It was discovered that ACME minihttpd did not properly handle HTTP GET requests with empty headers. A remote attacker could use this vulnerability to read arbitrary files...
EPrints OS Command Injection Vulnerability
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. An arbitrary file read vulnerability exists in EPrints 3.4.2. A remote attacker can exploit this vulnerability by entering a specially crafted LaTeX into cgi/latex2png?latex=...
CVE-2020-29166
PacsOne Server PACS Server In One Box below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure...
Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software
PoC exploit for CVE-2020-3452, an unauthorized remote file reading vulnerability in Cisco Adaptive Security Appliance and FTD Software. The exploit uses Shodan to scan for vulnerable targets, then attempts to exploit the vulnerability by sending crafted HTTP requests to the identified targets. Th...
Cassandra Web 0.5.0 - Remote File Read
Exploit Title: Cassandra Web 0.5.0 - Remote File Read Date: 12-28-2020 Exploit Author: Jeremy Brown Vendor Homepage: https://github.com/avalanche123/cassandra-web Software Link: https://rubygems.org/gems/cassandra-web/versions/0.5.0 Version: 0.5.0 Tested on: Linux !/usr/bin/python -- coding: UTF-...
Cassandra Web 0.5.0 Remote File Read
!/usr/bin/python -- coding: UTF-8 -- cassmoney.py Cassandra Web 0.5.0 Remote File Read Exploit Jeremy Brown jbrown3264/gmail Dec 2020 Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for th...
Atlassian JIRA Server Injection Vulnerability
Atlassian JIRA Server is the server version of a defect tracking management system from Atlassian Australia. The system is mainly used for tracking and managing various types of issues and defects in the workplace. An injection vulnerability exists in versions prior to Jira 7.1.15, which allows...
VulnCheck KEV: CVE-2015-2067
Directory traversal vulnerability in web/ajaxpluginconf.php in the MAGMI aka Magento Mass Importer plugin for Magento Server allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...
tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instance...