Directory Traversal Vulnerability in ThinkAdmin v6
ThinkAdmin is a backend management framework based on the latest ThinkPHP V6, released as open source under the MIT license. ThinkAdmin v6 has a directory traversal vulnerability. Attackers can exploit it through the rules parameter of a POST request to read...
ThinkAdmin Directory Traversal Vulnerability
ThinkAdmin is a backend management framework based on the latest ThinkPHP V6, released as open source under the MIT license. ThinkAdmin v6 has a directory traversal vulnerability. Attackers can exploit it through the encode parameter of a GET request to read arbitrary files on a remote...
CVE-2020-25540
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the encode parameter of a GET request...
CVE-2020-5614
Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors...
Cisco SD-WAN vManage Software Backlink Vulnerability
Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A back-link vulnerability exists in the web management interface in Cisco SD-WAN vManage Software versions prior to 19.2.3, which stems from the program's failure to adequate...
CVE-2020-15050
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal...
PT-2020-14145 · Suprema · Suprema Biostar 2
Name of the Vulnerable Software and Affected Versions: Suprema BioStar 2 versions prior to 2.8.2 Description: An issue in the Video Extension allows remote attackers to read arbitrary files from the server via Directory Traversal. This enables unauthorized access to sensitive information on the...
tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instance...
CVE-2020-12443
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename lowercase value can be a .pdf filename while the presFilename mixed case value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to...
CVE-2019-3942
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password...
CVE-2019-3942
Affected product: Advantech WebAccess 8.3.4. Vulnerability: An access-control error in a remote procedure call (RPC) allows unauthenticated, remote users to read files. Root cause: insufficient restriction on RPC calls leading to exposure of sensitive files; attacker could recover the administr...
CVE-2020-3761
ColdFusion versions ColdFusion 2016 and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the ColdFusion install directory...
Design/Logic Flaw
ColdFusion versions ColdFusion 2016 and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the ColdFusion install directory...
CVE-2020-3761
CVE-2020-3761 affects Adobe ColdFusion 2016 and 2018, enabling remote file read from the ColdFusion install directory (arbitrary file read). According to NVD, CVSSv3.1 base score 7.5 (HIGH), with network access and no authentication required (no user interaction). Remediation: patch/update per AP...
Adobe ColdFusion 2016.x < 2016u14 / 2018.x < 2018u8 Multiple Vulnerabilities (APSB20-16)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2016.x update 14 or 2018.x update 8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB20-16 advisory. - Remote file read potentially leading to Arbitrary file read from the Coldfusion...
GraphicsMagick text filename component information disclosure vulnerability
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A security vulnerability exists in the text filename component of GraphicsMagick versions prior to 1.3.32. The vulnerability can be exploited by a remote...
Adobe ColdFusion Remote File Read Vulnerability
Adobe ColdFusion is a commercial rapid application development platform. A remote file read vulnerability exists in Adobe ColdFusion. An attacker can use this vulnerability to read arbitrary files from the ColdFusion installation directory...