WordPress MDC YouTube Downloader Plugin Directory Traversal Vulnerability
WordPress is a blogging platform written in PHP and developed by the WordPress Foundation; it lets users run personal blog sites on servers with PHP and MySQL. MDC YouTube Downloader is a video download plugin for WordPress. A path traversal vulnerability exists in version 2.1.0 of...
XXE Vulnerability in Microxia Online Learning Platform
Micro Xia Online Learning Platform is an online education system built on a B/S (browser/server) architecture. An XXE injection vulnerability exists in /Ajax/InResult.ashx, which an attacker can exploit to remotely read arbitrary files on the server...
Intellinet NFC-30ir IP Camera Directory Traversal Vulnerability
Intellinet NFC-30ir IP cameras are network-connected digital cameras. A directory traversal vulnerability in the Intellinet NFC-30ir IP camera in LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script used to read HTML text files...
CVE-2016-4320
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource...
PYSEC-2017-25
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
CVE-2017-5583
The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors...
CVE-2016-7135 (also tracked as PYSEC-2017-58)
Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions...
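The Plone, Bitbucket, Intellinet and WordPress entries above share one bug pattern: a user-controlled path parameter is joined onto a base directory without checking where the result lands. The following Python is an added illustration, not code from Plone or any other vendor listed here; the function names, the `theme/` directory and the `secret.txt` file are constructed for the demo. It shows the naive join reading a file outside the base directory via `../` and via an absolute path, and a hardened version that resolves the path (collapsing `..` and following symlinks) and refuses anything that does not stay under the base directory, while still allowing a `..` that remains inside it.

```python
import os
import tempfile
from pathlib import Path


def vulnerable_read(base_dir: str, user_path: str) -> str:
    """Naive join (hypothetical getFile handler): a user-supplied path with ../
    segments, or an absolute path, escapes base_dir entirely."""
    return Path(os.path.join(base_dir, user_path)).read_text()


def safe_read(base_dir: str, user_path: str) -> str:
    """Resolve the joined path (follows symlinks, collapses ..) and refuse any
    result that is not strictly inside base_dir. Checking the string for ".."
    alone is not enough: absolute paths and symlinks bypass that."""
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()
    if base not in target.parents:
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    return target.read_text()


def demo() -> dict:
    """Build a constructed layout: <tmp>/theme/main.css is the intended
    resource, <tmp>/secret.txt sits one level above it."""
    root = Path(tempfile.mkdtemp())
    theme = root / "theme"
    theme.mkdir()
    (theme / "main.css").write_text("body { color: red }")
    (root / "secret.txt").write_text("db_password=hunter2")  # constructed sample

    results = {
        "vuln_legit": vulnerable_read(str(theme), "main.css"),
        # ../ walks out of theme/ and reads the secret
        "vuln_traversal": vulnerable_read(str(theme), "../secret.txt"),
        # os.path.join discards base_dir when the second argument is absolute
        "vuln_absolute": vulnerable_read(str(theme), str(root / "secret.txt")),
        "safe_legit": safe_read(str(theme), "main.css"),
        # a .. that stays inside the base directory is still allowed
        "safe_nested_dotdot": safe_read(str(theme), "sub/../main.css"),
    }
    for label, probe in [("safe_traversal", "../secret.txt"),
                         ("safe_absolute", str(root / "secret.txt"))]:
        try:
            safe_read(str(theme), probe)
            results[label] = "read"
        except PermissionError:
            results[label] = "blocked"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20s} {value}")
```

The containment check compares resolved paths, so it also covers a symlink placed inside the base directory that points elsewhere; a fix that only strips the literal `..` from the parameter would not.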
CVE-2016-9164
Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2017-6344
XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document...
CVE-2017-6055
XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file...
CVE-2016-2908
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by an XML External Entity (XXE) error when the XML parser processes XML data. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service...
CVE-2016-5212
CVE-2016-5212 affects Google Chrome/Chromium DevTools URLs that were insufficiently sanitized, enabling a remote attacker to read local files via a crafted HTML page. The issue is in the DevTools component of Chromium/Chrome prior to 55.0.2883.75 (desktop) and 55.0.2883.84 (Android). Impact is lo...
Malware exploit: DarkComet
References: Kevin Breen, "DarkComet From Defense To Offense - Identify your Attacker" (slides); POC by Shawn Denbow and Jesse Herts; Wikipedia. Vulnerabilities: remote file read, database poisoning, SQL injection. Tools: DarkComet ToolKit, DarkComet Metasploit Module. Last updated on 14th Jan 2017.
ForgeRock OpenAM - Access Management XML External Entity Injection Vulnerability
ForgeRock OpenAM (Access Management) is an open source single sign-on (SSO) framework from the US company ForgeRock. It provides core identity services (Core Server) to deliver transparent single sign-on in centralized or distributed network architectures. An...
CVE-2016-10097
XML External Entity (XXE) vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter...
CVE-2016-7460
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity...
PT-2016-3610 · Apache · Apache Tika Server
Name of the Vulnerable Software and Affected Versions: Apache Tika server (aka tika-server) version 1.9
Description: The issue allows remote attackers to read arbitrary files via the HTTP fileUrl header. This is possible when Apache Tika is used as a web service, enabling a 3rd party to pass a...
CVE-2016-6408
Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814...
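Several entries above (vCenter SSO, Cisco Prime Home, OpenAM, PySAML2, IBM SSO, Grails PDF) describe the same mechanism: "an XML document containing an external entity declaration in conjunction with an entity reference", where the parser expands a `SYSTEM` entity to the contents of a local file and the application echoes that text back. The Python below is an added illustration, not code from any of the listed products; the payload, the `<Request>/<Issuer>` document shape and the `secret.txt` target are constructed for the demo. It wires the standard-library expat parser to resolve external entities (the vulnerable configuration), then shows two defences: refusing any inbound document that carries a `<!DOCTYPE`, and relying on `xml.etree.ElementTree`, which does not resolve external entities and raises a parse error on the reference.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
import xml.parsers.expat
from pathlib import Path


def build_xxe_payload(target_file: str) -> str:
    """Constructed payload: an external entity declaration plus a reference to
    it inside an element the application reflects back (here <Issuer>)."""
    return (
        '<?xml version="1.0"?>'
        f'<!DOCTYPE Request [<!ENTITY xxe SYSTEM "file://{target_file}">]>'
        '<Request><Issuer>&xxe;</Issuer></Request>'
    )


BENIGN_REQUEST = '<?xml version="1.0"?><Request><Issuer>https://idp.example</Issuer></Request>'


def vulnerable_parse(xml_text: str) -> str:
    """Expat configured to fetch external entities from disk. Returns the
    character data collected from the document, i.e. the expanded entity."""
    parser = xml.parsers.expat.ParserCreate()
    chunks = []

    def on_char_data(data):
        chunks.append(data)

    def on_external_entity(context, base, system_id, public_id):
        # The bug: the SYSTEM identifier is resolved against the local
        # filesystem, so the entity expands to the file's contents.
        path = system_id[len("file://"):] if system_id.startswith("file://") else system_id
        child = parser.ExternalEntityParserCreate(context)
        child.CharacterDataHandler = on_char_data
        child.Parse(Path(path).read_text(), True)
        return 1  # non-zero tells expat the entity was handled

    parser.CharacterDataHandler = on_char_data
    parser.ExternalEntityRefHandler = on_external_entity
    parser.Parse(xml_text, True)
    return "".join(chunks)


_DOCTYPE = re.compile(r"<!DOCTYPE", re.IGNORECASE)


def safe_parse(xml_text: str) -> str:
    """Defence 1: protocol messages such as SAML never need a DTD, so reject
    any document that carries one before it reaches a parser at all.
    Defence 2: ElementTree does not resolve external entities anyway."""
    if _DOCTYPE.search(xml_text):
        raise ValueError("DTD/DOCTYPE not allowed in inbound XML")
    root = ET.fromstring(xml_text)
    return root.findtext("Issuer") or ""


def demo() -> dict:
    secret = Path(tempfile.mkdtemp()) / "secret.txt"
    secret.write_text("db_password=hunter2")  # constructed sample target file
    payload = build_xxe_payload(str(secret))
    results = {
        "vulnerable": vulnerable_parse(payload),        # file contents leak
        "benign_via_safe": safe_parse(BENIGN_REQUEST),  # normal message still works
    }
    try:
        safe_parse(payload)
        results["safe"] = "expanded"
    except ValueError:
        results["safe"] = "rejected by DOCTYPE gate"
    try:
        ET.fromstring(payload)  # no DOCTYPE gate: parser itself refuses the entity
        results["stdlib_default"] = "expanded"
    except ET.ParseError:
        results["stdlib_default"] = "rejected by parser"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16s} {value}")
```

The DOCTYPE gate is the check to keep in front of any parser whose entity handling you do not control (a PDF library or a SAML stack built on a different XML engine); ElementTree's refusal to expand the entity is a property of that one parser, not of XML processing in general.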