679 matches found
CVE-2021-23195
Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 has the option for automated indexing directory listing activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all...
Sysaid Technologies SysAid has an unspecified vulnerability
Sysaid Technologies SysAid is an IT service management solution from the Israeli company SysAid Technologies. A security vulnerability exists in SysAid ITIL, which could be exploited by an attacker to copy arbitrary files on the server file system to the Web root via the HTTP...
CVE-2022-21863
Windows StateRepository API Server file Elevation of Privilege Vulnerability...
CVE-2021-43566
CVE-2021-43566 affects Samba up to version 4.13.15 (all versions prior to 4.13.16). A malicious client can exploit a race between SMB1 or NFS paths to create a directory in a server filesystem area that is not exported under the share definition. SMB1 must be enabled (or the share accessible via ...
CVE-2021-43566
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for...
Sysaid Technologies SysAid Security Vulnerability
Sysaid Technologies SysAid is an IT service management solution from the Israeli company SysAid Technologies. A security vulnerability exists in SysAid ITIL, which could be exploited by an attacker to copy arbitrary files on the server file system to the Web root via the HTTP...
Fresenius Kabi Agilia Connect Infusion System Information Disclosure Vulnerability
Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi. The Fresenius Kabi Agilia Connect Infusion System is vulnerable to information disclosure, which could be exploited by attackers to identify and access files on the server...
rConfig Information Disclosure Vulnerability (CNVD-2021-99276)
rConfig is an open source network device configuration management utility. An information disclosure vulnerability exists in rConfig version 3.9.6. An attacker can exploit this vulnerability to download any file on the server...
rConfig Information Disclosure Vulnerability
rConfig is an open source network device configuration management utility. An information disclosure vulnerability exists in rConfig version 3.9.6. An attacker can exploit this vulnerability to download any file on the server...
OS4Ed OpenSIS Path Traversal Vulnerability
OS4Ed OpenSIS is OS4Ed's commercial-grade, secure, scalable and intuitive student information system and school management software, with all the features to run single or multiple organizations in one installation. It is web-based, written in PHP, and uses a MySQL database. A path traversal vulnerability exists in OS4Ed...
IBM Sterling File Gateway Information Disclosure Vulnerability
IBM Sterling File Gateway is a suite of file transfer software from IBM Corporation. The software integrates different file transfer activity centers and helps file-based data to be securely exchanged over the Internet. An information disclosure vulnerability exists in IBM Sterling File Gateway,...
Moodle Information Disclosure Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. An information disclosure vulnerability exists in Moodle that stems from insufficient escaping of LaTeX leading codes. A remote...
CVE-2021-40966
A stored XSS exists in TinyFileManager, all versions up to and including 2.4.6, in /tinyfilemanager.php when the server is given a file that contains HTML and JavaScript in its name. A malicious user can upload a file with a malicious filename containing JavaScript code and it will run on any user...
UBUNTU-CVE-2021-39371
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...
PYSEC-2021-121
An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...
CVE-2021-36123
An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on...
CVE-2021-32752
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may...
Design/Logic Flaw
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may...
Ether Logs Information Disclosure Vulnerability
Ether Logs is a software package. A security vulnerability in versions of Ether Logs prior to 3.0.4 allows an authenticated administrator user to access any file on the server...