JPress suffers from an XML entity injection vulnerability (CNVD-2021-30396)
JPress is a product developed using Java, similar to WordPress. JPress has an XML entity injection vulnerability that can be exploited by an attacker to read server files...
UBUNTU-CVE-2021-22201
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server...
GitLab security vulnerability
GitLab is a self-hosted Git repository management application developed in Ruby on Rails by the American company GitLab. The program can be used to view the contents of a project's files, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE...
Arbitrary File Read Vulnerability in Dreamer CMS
Dreamer CMS is a Java-developed content publishing system. Dreamer CMS suffers from an arbitrary file read vulnerability, which can be exploited by an attacker to read arbitrary files on the server...
Invigo Automatic Device Management Directory Traversal Vulnerability
Invigo Automatic Device Management (ADM) is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A directory traversal vulnerability exists in /admin/searchby.php in Invigo...
CVE-2020-10584
A directory traversal in the /admin/searchby.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application...
PT-2021-7243 · Sap · Sap Mii
Name of the Vulnerable Software and Affected Versions: SAP MII, affected versions not specified. Description: The issue allows an attacker to intercept a request to the server, inject malicious JSP code in the request, and forward it to the server. When a dashboard is opened by users with at least...
JPress suffers from an XML entity injection vulnerability
JPress is a product developed using Java, similar to WordPress. JPress has an XML entity injection vulnerability that can be exploited by an attacker to read server files...
CVE-2021-23901
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions 1.18. XML external entity injection, also known as XXE, is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. ...
CVE-2020-26295
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 an...
CVE-2020-13355
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal was found in LFS Upload that allows an attacker to overwrite certain specific paths on the server. Affected versions are: =8.14, =13.4, =13.5, 13.5.2...
Citrix XenMobile Server File Disclosure
File disclosure vulnerability in Citrix XenMobile Server. Vulnerability Type: File Disclosure. For the exploit source code contact DSquare Security sales team...
Harbin Weicheng Technology Co., Ltd. OurPHP AoPai website building system has an arbitrary file deletion vulnerability
OurPHP AoPai website building system is an enterprise and e-commerce marketing website building system. The Harbin Weicheng Technology Co., Ltd. OurPHP AoPai website builder system has an arbitrary file deletion vulnerability; an attacker can take advantage of the vulnerability to delete any file under t...
Kaixin Electronic Document Inventory Arbitrary File Download Vulnerability
The Qixing electronic document library can be used to store departmental manuals, system specifications, mechanical drawings and other electronic documents. The Qixing Electronic Document Library is vulnerable to an arbitrary file download vulnerability, which can be exploited by an attacker to download any file on...
VulnCheck KEV: CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are...
Unauthorized Arbitrary File Read Vulnerability in jeewms
jeewms is a Java-based warehouse management system. jeewms has an unauthorized arbitrary file read vulnerability that can be exploited by an attacker to read any file on the server without authorization...
CVE-2020-11991
When using the StreamGenerator, the code parses user-provided XML. A specially crafted XML document, including external system entities, could be used to access any file on the server system...
CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to XML external entity injection (XXE)
Overview: CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain an XML external entity injection (XXE) vulnerability (CWE-611). NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under the Informatio...
INNEO Solutions INNEO Startup TOOLS 2018 M040 Path Traversal Vulnerability
INNEO Solutions INNEO Startup TOOLS 2018 M040 is an INNEO startup tool from INNEO Solutions, Germany. A path traversal vulnerability exists in INNEO Solutions INNEO Startup TOOLS 2018 M040 13.0.70.3804 and previous versions. An attacker can exploit this vulnerability to read arbitrary files on th...
Intranda Goobi Viewer Core Path Traversal Vulnerability
Intranda Goobi Viewer Core is a Web-based digital library system from Intranda, Germany. A path traversal vulnerability exists in Intranda Goobi Viewer Core versions prior to 4.8.3. A remote attacker could exploit this vulnerability to access files on the server...