474 matches found
CVE-2023-1864 FANUC ROBOGUIDE-HandlingPRO Path Traversal
FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior are vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software...
FANUC ROBOGUIDE Path Traversal Vulnerability
FANUC ROBOGUIDE is a robot simulation software from FANUC, Japan. A path traversal vulnerability exists in FANUC ROBOGUIDE-HandlingPRO 9 Rev. ZD and prior versions that could allow an attacker to remotely read files on a system running the affected software...
PT-2023-18552 · Atlassian · Confluence
Name of the Vulnerable Software and Affected Versions: Atlassian Confluence Server (affected versions not specified). Description: The issue allows remote attackers with read permissions to a page, but not write permissions, to upload attachments. This is due to a Broken Access Control vulnerability...
CVE-2023-20183
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...
PT-2023-23677 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost versions prior to 5.42.1. Description: The issue allows remote attackers to read arbitrary files within the active theme's folder via directory traversal using the /assets/built%2F..%2F..%2F/ endpoint. This occurs in the...
CVE-2022-3843
In WAGO Unmanaged Switch 852-111/000-001 in firmware version 01, an undocumented configuration interface without authorization allows a remote attacker to read system information and configure a limited set of parameters...
SUSE CVE-2006-6104
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20...
SUSE CVE-2007-1460
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safe_mode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories...
SUSE CVE-2007-5742
Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors...
SUSE CVE-2008-0418
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing sessio...
SUSE CVE-2008-3078
Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image...
SUSE CVE-2008-5301
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name...
SUSE CVE-2010-1416
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafte...
SUSE CVE-2010-3304
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs...
SUSE CVE-2011-2367
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors...
SUSE CVE-2011-3375
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by readin...
SUSE CVE-2012-1171
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper...
SUSE CVE-2012-3521
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter...
SUSE CVE-2012-4196
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats...
SUSE CVE-2012-4510
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources...