UBUNTU-CVE-2018-14669
ClickHouse MySQL client versions before 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled, which allowed a malicious MySQL database to read arbitrary files from the connected ClickHouse server...
CVE-2019-14312
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI...
Arbitrary file deletion vulnerability in the PHPSHE mall system 1.7 backend
PHPSHE Mall System V1.7 is an online mall building system based on PHP5.2+/MySQL 5.0+. An arbitrary file deletion vulnerability exists in the backend of PHPSHE Mall System 1.7. The vulnerability stems from the absence of directory checks; attackers can use the vulnerability to delete any file server...
CVE-2019-5458
Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in the victim's browser...
CVE-2019-5457
Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in the victim's browser...
Arbitrary File Deletion Vulnerability in Frontend of Medical Virtual Simulation Teaching Experiment Platform
Medical virtual simulation teaching experiment platform system is a virtual reality system with computer virtual reality and digital simulation technology as the core, biosimulation engine, processing factor database, virtual environment interface and other technologies as the support. Medical...
CVE-2019-14362
Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...
Arbitrary File Download Vulnerability in Sida Fluoroplastics Co.
The remote server's web service does not perform suffix filtering or directory control on user-submitted download files, allowing malicious attackers to construct paths to download arbitrary server files. http://60.191.211.210:8088/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=1&peri...
PT-2019-17673 · Unknown · Serve-Here.Js
Name of the Vulnerable Software and Affected Versions: serve-here.js versions prior to 1.2.0. Description: The issue allows attackers to list any file in an arbitrary folder due to a path traversal vulnerability. This is caused by the package's failure to sanitize URLs, enabling attackers to acces...
Malicious Package
froever is a malicious package. It contains malicious code in its pre-install script that attempts to download a file from a remote server, execute it and open a backdoor...
Arbitrary File Deletion Vulnerability in CSZ-CMS Management System
CSZ-CMS is an open source web application for managing all content and settings on a website. An arbitrary file deletion vulnerability exists in the CSZ-CMS management system, which can be exploited by an attacker to delete arbitrary files on the server...
CVE-2019-5422
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server...
Directory Traversal Vulnerability in Xinhuo Co-ordination Office System Backend
Xinhuo Co-ordination Office System is an open source and cross-platform office system. There is a directory traversal vulnerability in the backend of the Xinhuo Co-ordination Office System: an attacker who has logged in to the system can, by modifying the file path when downloading files, traverse the...
Ruby on Rails Arbitrary File Read Vulnerability
Ruby on Rails is a very productive, high-maintenance, and easy-to-deploy web development framework developed using Ruby, and is one of the preferred frameworks for web application development worldwide. Ruby on Rai...
Arbitrary File Download Vulnerability in Joomla! Ye*** Vi*** Sh*** Component
Joomla! is an open source content management system (CMS). An arbitrary file download vulnerability exists in the Joomla! Ye*** Vi*** Sh*** component, which stems from the program's failure to correctly process data passed by the user, and can be exploited by an attacker to download arbitrary files on the...
UltraVNC heap buffer overflow vulnerability (CNVD-2019-13280)
UltraVNC is an open source remote terminal control software for the Windows platform. A heap buffer overflow vulnerability exists in the VNC server code of the file transfer request handler in UltraVNC version 1211. An attacker could exploit this vulnerability to execute code...
UltraVNC Heap Buffer Overflow Vulnerability
UltraVNC is an open source remote terminal control software for the Windows platform. A heap buffer overflow vulnerability exists in the VNC server code of the file transfer handler in UltraVNC version 1211. An attacker could exploit this vulnerability to execute code...
NetKit Input Validation Vulnerability
NetKit is a network environment simulation system. A security vulnerability exists in NetKit 0.17 and earlier versions, which stems from the fact that the server selects the file/directory to be sent to the client, but the rcp client only loosely validates the name of the returned object. An...
Remote Code Execution (RCE)
Samba is vulnerable to remote code execution (RCE) attacks. The vulnerability exists because Samba versions before 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition...
PHP Proxy Local File Inclusion Vulnerability
PHP Proxy is a web-based proxy script designed to be fast, easy to customize, and capable of providing sophisticated website support. A local file inclusion vulnerability exists in PHP Proxy version 3.0.3, which can be exploited by an attacker to read files from the server...