890 matches found

OSV
added 2022/02/18 9:15 p.m. · 1 view

CVE-2021-40841

A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 2
CNNVD
added 2022/02/18 12:0 a.m. · 4 views

LiveConfig Path Traversal Vulnerability

LiveConfig is a control panel software from the German company LiveConfig. It is used to simplify server configuration and ensure reliable and secure operation. A security vulnerability exists in LiveConfig version 2.12.2, which can be exploited by an attacker to read files on the underlying serv...

6.5 CVSS · 6.6 AI score · 0.01063 EPSS
Exploits 0 · References 3
CNNVD
added 2022/02/18 12:0 a.m. · 3 views

Appleple a-blog cms Code Injection Vulnerability

Appleple a-blog cms is a content management system (CMS) from Appleple of Japan. A code injection vulnerability exists in Appleple a-blog cms, which is vulnerable due to a template injection issue. A remote user can obtain arbitrary files on the server. The vulnerability allows remote attacke...

6.5 CVSS · 6.6 AI score · 0.01099 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2022/02/14 10:16 a.m. · 6 views

CVE-2022-22793

Cybonet - PineApp Mail Relay Local File Inclusion. An attacker can send a request to: /manage/mailpolicymtm/log/emlviewer/email.content.body.php?filesystempath=ENCODED PATH and by doing that, the attacker can read local files inside the server...

7.5 CVSS · 7.1 AI score · 0.00684 EPSS
Exploits 0 · References 2
NVD
added 2022/01/21 7:15 p.m. · 12 views

CVE-2021-23195

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 has the option for automated indexing directory listing activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all...

5.3 CVSS · 0.00845 EPSS
Exploits 0 · References 1
CNNVD
added 2022/01/13 12:0 a.m. · 4 views

Crow Path Traversal Vulnerability

Crow is a C++ micro-framework for running Web services. A security vulnerability exists in Crow that could be exploited by an attacker to traverse directories and obtain arbitrary files from the server...

7.5 CVSS · 5.8 AI score · 0.01589 EPSS
Exploits 1 · References 4
Cvelist
added 2021/12/24 6:30 a.m. · 14 views

CVE-2021-20874

Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the server and obtain...

7.7 AI score · 0.01296 EPSS
Exploits 0 · References 2
CNVD
added 2021/12/23 12:0 a.m. · 13 views

Fresenius Kabi Agilia Connect Infusion System Information Disclosure Vulnerability

Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi. The Fresenius Kabi Agilia Connect Infusion System is vulnerable to information disclosure, which could be exploited by attackers to identify and access files on the server...

5.3 CVSS · 3.6 AI score · 0.00845 EPSS
Exploits 0 · References 1
OSV
added 2021/12/07 1:15 p.m. · 2 views

CVE-2021-40095

An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability when processing remote input in the log files downloaded by an authenticated administrator user, leading to the ability to read...

4.9 CVSS · 5.9 AI score · 0.00981 EPSS
Exploits 0 · References 2
CNNVD
added 2021/12/07 12:0 a.m. · 4 views

Squaredup Security Vulnerability

Squaredup is a Web service from Squaredup UK that provides data monitoring capabilities for cloud environments. A file inclusion vulnerability in the download logging functionality in SquaredUp for SCOM version 5.2.1.6654 System/Maintenance could be exploited to read arbitrary files on the server...

4.9 CVSS · 5.8 AI score · 0.00981 EPSS
Exploits 0 · References 2
CNVD
added 2021/11/26 12:0 a.m. · 16 views

Arbitrary File Read Vulnerability in Cyber-Sign's NetSign Digital Signature System

Ltd. is the earliest professional vendor engaged in the research, development and application of PKI technology in China. There is an arbitrary file reading vulnerability in the NetSign digital signature system, which can be exploited by an attacker to read server files...

7 AI score
Exploits 0
Packet Storm
added 2021/11/22 12:0 a.m. · 401 views

Wipro Holmes Orchestrator 20.4.1 Report Disclosure

Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Excel Report Download
Date: 09/08/2021
Exploit Author: Rizal Muhammed @ub3rsick
Vendor Homepage: https://www.wipro.com/holmes/
Version: 20.4.1
Tested on: Windows 10 x64
CVE: CVE-2021-38147
In the Wipro Holmes Orchestrator 20.4.1...

7.5 AI score · 0.53008 EPSS
Exploits 3
Positive Technologies
added 2021/11/22 12:0 a.m. · 8 views

PT-2022-11303 · Alt Linux · Alt Linux

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient escaping of the LaTeX preamble, which allows site administrators to read files available to the HTTP server system...

9.8 CVSS · 5.8 AI score · 0.52299 EPSS
Exploits 18 · References 100
NVD
added 2021/11/17 4:15 p.m. · 15 views

CVE-2021-40745

Adobe Campaign version 21.2.1 and earlier is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server...

7.5 CVSS · 0.03604 EPSS
Exploits 0 · References 1
OSV
added 2021/11/17 4:15 p.m. · 5 views

CVE-2021-40745

Adobe Campaign version 21.2.1 and earlier is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server...

7.5 CVSS · 7.5 AI score · 0.03604 EPSS
Exploits 0 · References 1
Prion
added 2021/11/17 4:15 p.m. · 18 views

Path traversal

Adobe Campaign version 21.2.1 and earlier is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server...

5 CVSS · 7.4 AI score · 0.03604 EPSS
Exploits 0 · References 1 · Affected Software 1
Fortinet
added 2021/10/05 12:0 a.m. · 28 views

FortiClientEMS - Directory Traversal vulnerability

A path traversal vulnerability (CWE-22) in FortiClientEMS may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...

5.5 CVSS · 5.6 AI score · 0.01109 EPSS
Exploits 0 · Affected Software 1
OSV
added 2021/10/04 8:15 p.m. · 2 views

CVE-2021-39433

A local file inclusion (LFI) vulnerability exists in BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user...

7.5 CVSS · 5.9 AI score · 0.08449 EPSS
Exploits 1 · References 2
CNNVD
added 2021/10/04 12:0 a.m. · 4 views

Biqs It Biqs-drive Security Vulnerability

Biqs It Biqs-drive is an online driving school software from the Belgian company Biqs It. BIQS IT Biqs-drive v1.83 and below is vulnerable to a local file inclusion vulnerability, which could be exploited by attackers to read arbitrary files from the server using the privileges of the configured...

7.5 CVSS · 5.8 AI score · 0.08449 EPSS
Exploits 1 · References 3
NVD
added 2021/08/31 11:15 a.m. · 11 views

CVE-2021-33555

In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server...

7.5 CVSS · 0.01215 EPSS
Exploits 0 · References 1