649 matches found
CVE-2018-20792
tecrail Responsive FileManager 9.13.4 contains a path traversal vulnerability in ajax_calls.php (get_file action). Insufficient sanitization of directory traversal characters allows remote attackers to read arbitrary files. The issue is documented across multiple sources (NVD/CVE entries and vend...
tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12900)
tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in the 'get_file' function of the ajax_calls.php file in version...
VulnCheck KEV: CVE-2013-3739
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a showconfig action...
CVE-2019-5910
Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors...
Tebilisim Remote File Read Vulnerability
Exploit for php platform in category web applications. This is private exploit. You can buy it at https://0day.today...
CVE-2019-6447
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to...
CVE-2019-5725
qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file...
CVE-2018-20571
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file...
CVE-2018-16475
The CVE-2018-16475 entry corresponds to a Path Traversal vulnerability in knightjs. The connected data shows that all versions of knightjs up to 0.0.1 are vulnerable due to lack of input validation, allowing an attacker to read arbitrary files on the server (e.g., via crafted URL paths such as .....
CVE-2018-18778
ACME minihttpd before 1.30 lets remote users read arbitrary files...
PT-2018-14591 · Phpyun · Phpyun
Name of the Vulnerable Software and Affected Versions: PHPYun version 4.6 Description: The issue allows remote attackers to read arbitrary files via directory traversal. This is possible through the function down sql action in the file /admin/model/database.class.php. The vulnerability can be...
GHSA-2FW5-RVF2-JQ56 Apache Camel's XSLT component allows remote attackers to read arbitrary files
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External...
CVE-2017-17762
XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx...
GHSA-M2Q3-53FQ-7H66 Gollum Exposure of Sensitive Information
The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check...
CVE-2018-11640
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption)...
CVE-2017-16859
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command...
CVE-2018-12631
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal...
CVE-2018-12631
CVE-2018-12631 affects Redatam7 (formerly Redatam WebServer). A path-traversal in the /redbin/rpwebutilities.exe/text?LFN=../ endpoint allows remote attackers to read arbitrary files. The vulnerability is reported across multiple feeds (including Red Hat and CNVD/NVD entries) with the core issue ...
CVE-2018-5755
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet...