Arbitrary File Read Vulnerability in Doco Knowledge Management System
DuoKe knowledge management system is a professional enterprise-level system whose main functions include content management and display, knowledge document re-organization and processing, a network-based similar-word online editing system, user points, latest knowledge, and many other extended functions, ...
Invigo Automatic Device Management Path Traversal Vulnerability
Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A directory traversal vulnerability exists in /admin/searchby.php in Invigo...
CVE-2020-10584
A directory traversal on the /admin/searchby.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application...
Directory traversal
A directory traversal on the /admin/searchby.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application...
Arbitrary File Read Vulnerability in HIM Basic Management Platform of Beijing Zhongchuang Vision Technology Co., Ltd.
Beijing Zhongchuang Vision Technology Co., Ltd. is a high-tech company specializing in the research and development of video conference system hardware and software. There is an arbitrary file read vulnerability in the HIM basic management platform of Beijing CCTV Technology Co., Ltd., which can be exploited by an attacker to read all t...
Jellyfin Path Traversal Vulnerability
Jellyfin is a freeware media system. It allows you to control the management and streaming of media. It is an alternative to the proprietary Emby and Plex, allowing media from dedicated servers to be served to end-user devices through multiple applications. A security vulnerability exists in...
Fluig 1.7.0 - Path Traversal Exploit
Exploit Title: Fluig 1.7.0 - Path Traversal Exploit Author: Lucas Souza Vendor Homepage: https://www.totvs.com/fluig/ Version: payload.txt curl -s https://raw.githubusercontent.com/lucxssouza/banners/main/xFluig/banner banner -- FUNCTIONS -- function create-payload wordlist.txt count=1 while $cou...
Design/Logic Flaw
LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...
CVE-2021-3204
SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server...
Webware Webdesktop Code Issue Vulnerability
Webware Webdesktop is document management software from Webware, a company in the Republic of Estonia. A code issue vulnerability exists in Webware Webdesktop version 5.1.15. The vulnerability stems from the system allowing an attacker to read all files on the server. ...
loklak path traversal vulnerability
Loklak Server is a server-side application from the Loklak team for collecting text information from multiple sources. Loklak Server suffers from a path traversal vulnerability caused by insufficient input validation. An attacker can exploit this...
Apache Nutch Code Issue Vulnerability
Apache Nutch is a Java-based scalable crawler software from the Apache Foundation. Versions of Apache Nutch prior to 1.18 suffer from an XML external entity injection vulnerability that allows an attacker to view files on the application server file system and interact with any backend or externa...
Directory Traversal Vulnerability in SeaCMS
SeaCMS (Ocean CMS) is a web content management system based on a PHP+MySQL architecture that supports cross-platform operation. SeaCMS suffers from a directory traversal vulnerability. An attacker can exploit the vulnerability by constructing a malicious payload to view any directory or file on the serve...
SAP BusinessObjects Business Intelligence Platform Cross-Site Request Forgery Vulnerability
SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. A cross-site request forgery vulnerability exists in SAP...
Arbitrary File Read Vulnerability in Fish Leap CMS
FishLeap CMS is a content management system specifically geared towards enterprise applications. FishLeap CMS suffers from an arbitrary file read vulnerability, which can be exploited by an attacker to read arbitrary files on the server...
CVE-2020-25985
MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (PHP files can be unlinked and not deleted)...
Information disclosure
When using the StreamGenerator, the code parses user-provided XML. A specially crafted XML document, including external system entities, could be used to access any file on the server system...
GHSA-4X7W-FRCQ-V4M3 Path Traversal in @wturyn/swagger-injector
All versions of @wturyn/swagger-injector are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the configured dist folder using relative paths. Recommendation: No fix is currently available. Consider using an alternative package...
GHSA-V4X8-GW49-7HV4 Path Traversal in swagger-injector
All versions of swagger-injector are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the configured dist folder using relative paths. Recommendation: No fix is currently available. Consider using an alternative package until a...