PT-2018-16138 · Node.Js · Node-Srv
Name of the Vulnerable Software and Affected Versions: node-srv versions prior to 2.1.1 Description: The node-srv node module has a Path Traversal issue due to a lack of validation of the url, allowing a malicious user to read the content of any file with a known path. This enables a remote...
SearchBlox XML External Entity Injection Vulnerability
SearchBlox, from the U.S. company SearchBlox, is an open source, free-of-charge toolkit built on the Lucene full-text search engine for building enterprise search and analytics solutions. The program provides a web-based management interface from which the entire search system can be managed. An XML external...
Luracast Restler Directory Traversal Vulnerability
Restler is an open source framework that publishes PHP classes and methods as a REST API and supports multiple protocols. A directory traversal vulnerability exists in the public/examples/resources/getsource.php page of Luracast Restler, as used in the restler extension of TYPO3. A remote tele...
IceWarp Mail Server Path Traversal Vulnerability
IceWarp Mail Server is a mail server product from IceWarp USA. The product supports email archiving, SmartAttach attachments, automatic migration and more. A directory traversal vulnerability exists in IceWarp Mail Server versions prior to 11.2. A remote attacker can exploit this vulnerability by...
Geist WatchDog Console XML External Entity Injection Vulnerability
Geist WatchDog Console is a suite of environmental monitoring software from Geist USA. An XML external entity injection vulnerability exists in Geist WatchDog Console version 3.2.2. A remote attacker can exploit this vulnerability to read arbitrary files with specially crafted XML data...
CVE-2018-10201
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or...
AppearTV XC5000 and XC5100 File Read Vulnerability
The AppearTV XC5000 and XC5100 are both versatile, carrier-grade broadcast devices from AppearTV Norway. A security vulnerability exists in the AppearTV XC5000 and XC5100 using firmware version 3.26.217. An attacker could send a specially crafted HTTP request to a web server running Maintenance...
PT-2018-5687 · Red Hat · Cockpit
Name of the Vulnerable Software and Affected Versions: Cockpit version 0.13.0 Description: The issue allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts. This is related to the use of the discontinued aheinze/fetch url contents component, specifically via the url...
Design/Logic Flaw
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...
Node.js third-party modules: Bypass to defective fix of Path Traversal
I would like to report a Path Traversal vulnerability in localhost-now. It allows reading arbitrary files on the server. This is a bypass of the mitigation of 312889. Module name: localhost-now version: 1.0.2 npm page: https://www.npmjs.com/package/localhost-now Module Description Am I th...
CVE-2018-9010
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password...
CVE-2018-8947
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request...
CVE-2018-1200
Apps Manager for PCF Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5 allows unprivileged remote file read in its container via specially-crafted links...
CVE-2017-1741
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited, an attacker could read files on the file system. IBM X-Force ID: 134931...
IBM WebSphere Application Server Information Disclosure Vulnerability (CNVD-2018-06842)
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WAS that stems from t...
CVE-2018-6871
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function...
Design/Logic Flaw
Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls...
CVE-2018-6806
Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls...