DEBIAN-CVE-2019-12921

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG...

UBUNTU-CVE-2019-12921

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG...

CVE-2019-12921

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG...

Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws

Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical in severity. T...

Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws

Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical in severity. T...

tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability

CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instance...

CVE-2020-8540

An XML external entity XXE vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...

GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat

If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that's possible because all versions 9.x/8.x/7.x/6.x of the Apache Tomcat released in the past 13...

CVE-2014-2052

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...

UBUNTU-CVE-2020-7914

In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3...

Directory traversal

Directory traversal vulnerability in agetlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. dot dot in the name parameter...

CVE-2014-5238

XML external entity XXE vulnerability in Open-Xchange OX AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document...

XXE Injection Vulnerability in UsualToolCMS Frontend

UsualToolCMS UTCMS is an enterprise web content management system CMS based on PHP and MySQL. An XXE injection vulnerability exists in the frontend of UsualToolCMS. An attacker can exploit the vulnerability to remotely read arbitrary files on the server...

CVE-2019-6113

Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. dot dot and %2f to the default URI...

CVE-2019-11603

A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root...

CVE-2019-13358

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format...

Format string

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format...

CVE-2019-6715

pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data...

CVE-2019-6715

The CVE concerns WordPress W3 Total Cache plugin versions before 0.9.4, where an unauthenticated attacker can read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data, targeting the pub/sns.php endpoint. Technical details from connected documents specify an unauthenti...

PHPSHE XML External Entity Injection Vulnerability

Lingbao Jane Hao Network Technology PHPSHE is an online shopping mall system of China Lingbao Jane Hao Network Technology Company. The system supports express tracking, online chat, order evaluation and statistics and other functions. An XML external entity injection vulnerability exists in Lingb...