649 matches found
Cisco Prime Home XML External Entity Injection Vulnerability
Cisco Prime Home is a standards-based remote management and configuration solution. An XML external entity injection vulnerability exists in the web-based user interface of Cisco Prime Home version 5.2.0. A remote attacker could exploit this vulnerability by sending a specially crafted XML file t...
CVE-2016-5664
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI...
DEBIAN-CVE-2016-5000
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
Xxe
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
CVE-2016-5000
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
Internet Bug Bounty: Incorrect logic in MySQL & MariaDB protocol leads to remote SSRF/Remote file read
Overview: Wrong logic in the realization of the LOAD DATA LOCAL INFILE function lets a remote attacker read files from the server. The problem exists in many MySQL drivers and frameworks, in many programming languages, like Python, Java, PHP, etc. To exploit this vulnerability we need to connect to our...
CVE-2016-5639
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter...
CVE-2016-1605
Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field...
CVE-2016-5744
Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets...
IBM InfoSphere Information Governance Catalog XXE Injection Vulnerability
IBM InfoSphere Information Governance Catalog (IGC, formerly known as InfoSphere Business Information Exchange) is a suite of solutions from IBM that provides comprehensive information integration capabilities and IT asset management. An XXE injection vulnerability exists in IBM InfoSphere IGC...
CVE-2016-4216
XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
A vulnerability in the Internet Security antivirus software allows an attacker to read arbitrary files.
The vulnerability in the Internet Security antivirus software is related to a lack of protection for operational data. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...
CVE-2016-1225
Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2016-1183
NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname...
CVE-2016-4532
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname...
ZeewaysCMS Multiple Vulnerabilities
ZeewaysCMS is prone to multiple vulnerabilities.
CVE-2016-0288
IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE)...
CVE-2016-4788
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors...