Lucene search
K

116 matches found

Vulnrichment
Vulnrichment
added 2022/01/28 7:9 p.m.11 views

CVE-2021-31567 WordPress Download Monitor plugin <= 4.4.6 - Authenticated Arbitrary File Download vulnerability

Authenticated admin+ Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin versions = 4.4.6. The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadablefileurls0 parameter data. It's also...

6.8CVSS6.6AI score0.01391EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/12/27 8:33 p.m.27 views

CVE-2020-20948

An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable...

7.5AI score0.01318EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2021/04/29 11:50 p.m.38 views

CVE-2021-22140

A flaw was found in Elastic Enterprise Search. An attacker, using an XML External Entity Injection XXE issue in the App Search web crawler, could craft a malicious sitemap.xml allowing the crawler to traverse the filesystem of the host running the instance and obtain sensitive files. The highest...

9.3CVSS3.9AI score0.0127EPSS
Exploits0References4
CNVD
CNVD
added 2021/04/13 12:0 a.m.7 views

Patreon WordPress Local File Disclosure Vulnerability

Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A local file disclosure vulnerability exists in Patreon WordPress versions prior to 1.7.0. An attacker can exploit the vulnerability to obtain internal files such as database...

7.5CVSS6.2AI score0.05879EPSS
Exploits1References1
CNVD
CNVD
added 2021/03/25 12:0 a.m.4 views

Information Leakage Vulnerability in LAC WEB Control Center of Shanghai Huanchuang Communication Technology Co.

Huntron Communications LAC is a WiFi product. Shanghai Huanchuang Communication Technology Co., Ltd LAC WEB control center has an information leakage vulnerability, attackers can download sensitive files to obtain sensitive information...

6.6AI score
Exploits0
CNVD
CNVD
added 2020/12/11 12:0 a.m.3 views

Arbitrary File Download Vulnerability in v2 Video Conferencing System

V2 for short is a high-tech enterprise focusing on Internet audio and video communication technology, and v2 video conference system is one of its video conference systems. v2 video conferencing system has an arbitrary file download vulnerability, attackers can use the vulnerability to download t...

7.1AI score
Exploits0
Huntr
Huntr
added 2020/08/17 12:0 a.m.13 views

Path Traversal in youngerheart/nodeserver

Overview nodeserver is a Achieve node server's domain name resolution and web application's router, this package is vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server. For example, requesting the following URL: /../../etc/passwd would result in...

4.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/07/17 12:0 a.m.4 views

PT-2020-6146

Name of the Vulnerable Software and Affected Versions kramdown gem versions prior to 2.3.0 Description The issue exists due to the kramdown gem's failure to neutralize special elements, allowing a remote attacker to execute arbitrary code. This can lead to unintended read access or execution of...

10CVSS7.9AI score0.0456EPSS
Exploits1References47
OSV
OSV
added 2019/10/17 2:15 p.m.5 views

CVE-2019-14424

A Local File Inclusion LFI issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request...

6.5CVSS6.7AI score0.01364EPSS
Exploits1References2
NVD
NVD
added 2019/02/17 3:29 a.m.20 views

CVE-2019-8389

A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder with a crafted ../ payload...

8.1CVSS7.9AI score0.01459EPSS
Exploits1References1
CNVD
CNVD
added 2018/07/30 12:0 a.m.3 views

ZZZCMS website builder system suffers from overstepping access vulnerability

zzcms is asp language to do free open-source station-building system, mainly facing the majority of webmasters to use. ZZZCMS website builder system exists overstepping the right to access the vulnerability, the attacker can use the vulnerability overstepping the right to access sensitive files...

6.9AI score
Exploits0
Veracode
Veracode
added 2018/07/27 7:38 a.m.9 views

Path Traversal

github.com/openshift/osin is vulnerable to path traversal. The vulnerability exists because it does not properly validate the redirect URL, allowing access to sensitive files...

6.6AI score
Exploits0
OSV
OSV
added 2018/07/23 8:29 a.m.3 views

CVE-2018-14514

An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact...

9.8CVSS5.8AI score0.01628EPSS
Exploits1References1
Prion
Prion
added 2018/07/23 8:29 a.m.15 views

Server side request forgery (ssrf)

An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact...

7.5CVSS8.1AI score0.01628EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/07/23 8:0 a.m.42 views

CVE-2018-14514

The CVE-2018-14514 issue affects idreamsoft iCMS, specifically V7.0.9, with a server-side request forgery (SSRF) flaw that can let an attacker read sensitive files or access an intranet. Related entries (CVE-2018-14858) confirm the underlying cause: the remote function in app/spider/spider_tools....

9.8CVSS8AI score0.01628EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2017/07/27 6:29 p.m.24 views

CVE-2016-10399

Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL...

7.5CVSS7.5AI score0.01407EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2015/08/10 12:0 a.m.32 views

Mozilla Firefox ESR Security Bypass Vulnerability (Aug 2015) - Windows

Mozilla Firefox ESR is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS8.7AI score0.70226EPSS
Exploits8References4
Exploit DB
Exploit DB
added 2015/03/12 12:0 a.m.39 views

Codiad 2.5.3 - Local File Inclusion

+Title: Codiad v2.5.3 - LFI Vulnerability +Author: TUNISIAN CYBER +Date: 12/03/2015 +Type:WebApp +Risk:High +Overview: Pie Register 2.x suffers, from a Local File Disclosure vulnerability. +Proof Of Concept: PHP ////////////////////////////////////////////////////////////////// // Run Download...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.9 views

Matt Wright FormHandler.cgi 2.0 Reply Attachment Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/799/info Any file that the FormHandler.cgi has read access to the cgi is typically run as user 'nobody' on Unix systems can be specified as an attachment in a reply email. This could allow an attacker to gain access to...

7.1AI score
Exploits0
0day.today
0day.today
added 2012/01/10 12:0 a.m.23 views

Pragyan CMS v 3.0 Remote File Disclosure

Exploit for php platform in category web applications Title Pragyan CMS v 3.0 = Remote File Disclosure Author Or4nG.M4n Download http://space.dl.sourceforge.net/project/pragyan/pragyan/3.0/PragyanCMS-v3.0-beta.tar.bz2 vuln download.lib.php line 16 vuln index.php line 234 $GET'fileget' exploit...

7.1AI score
Exploits0
Rows per page
Query Builder