649 matches found
Dell PowerProtect Data Manager, software for centralized backup and disaster recovery management, is vulnerable due to insufficient validation of input data. This allows attackers to read arbitrary files.
The vulnerability in Dell PowerProtect Data Manager, software for centralized backup and disaster recovery management, is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to read arbitrary files...
VulnCheck KEV: CVE-2011-3315
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.15SU2, 7.x before 7.15bSU2, and 8.x before 8.03, and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.01SR1ES8,...
Adobe ColdFusion 2023.6 Remote File Read
Adobe ColdFusion version 2023.6 suffers from a remote file read vulnerability. Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: ColdFusion 2023 LUcee - Remote Code Execution CVE: CVE-2024-20767...
Adobe ColdFusion 2023.6 - Remote File Read
Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: ColdFusion 2023 LUcee - Remote Code Execution CVE: CVE-2024-20767 Vendor Homepage: https://www.adobe.com/ Requirements: requests=2.25.0,...
The vulnerability of the ColdFusion software platform, related to errors in XML request processing, allows attackers to read arbitrary files.
The vulnerability of the ColdFusion software platform is related to errors in processing XML requests. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...
A vulnerability in the web management interface of the firmware of D-Link DSL-2730U, DSL-2750U, and DSL-2750E devices allows an attacker to read arbitrary files.
The vulnerability in the web management interface of the firmware of D-Link DSL-2730U, DSL-2750U, and DSL-2750E routers is related to insufficient validation of input data when processing the getpage parameter of the webproc endpoint /cgi-bin/webproc. Exploiting this vulnerability allow...
CVE-2025-25265 Unauthenticated File Read via Web Interface
A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows a high privileged remote attacker to read files from the system’s file structure...
VulnCheck KEV: CVE-2016-2389
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978...
CVE-2021-25157
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba...
CVE-2021-25158
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant...
CVE-2021-35975
Absolute path traversal vulnerability in the Systematica SMTP Adapter component up to v2.0.1.101 in Systematica Radius up to v.3.9.256.777 allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter u...
CVE-2012-6531
(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...
CVE-2012-4709
Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity referenc...
CVE-2005-3080
contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set...
A vulnerability in the HTTP-Proxy software of the UserGate Next-Generation Firewall (NGFW) allows an attacker to read arbitrary files.
The vulnerability in the HTTP-Proxy software of the UserGate Next-Generation Firewall exists due to a lack of input data checks. Exploiting this vulnerability allows a remote attacker to read arbitrary files...
CVE-2025-1021
Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors...
SUSE CVE-2010-4715
Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information...
SUSE CVE-2012-0419
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request...
PT-2025-16015 · Unknown +1 · Fusiondirectory +1
Name of the Vulnerable Software and Affected Versions: FusionDirectory versions prior to 1.5 Description: A path traversal vulnerability in FusionDirectory allows remote attackers to read arbitrary files on the host that end with .png and .svg or .xpm for some configurations via the icon paramete...
Linux Distros Unpatched Vulnerability : CVE-2014-3529
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration ...