890 matches found
CVE-2020-6768
A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affect...
CVE-2020-7953
An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option...
Xxe
An XML External Entity (XXE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 that allows attackers to read files from the server via an entity declaration in any of the XML documents used to specify the run-time settings of jobs and orders...
Input validation
An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option...
CVE-2020-7953
CVE-2020-7953 affects OpServices OpMon 9.3.2. The issue allows reading server files (e.g., /etc/passwd) without authentication due to the use of nmap -iL (input file) option. Multiple connected sources (including Red Hat and CNVD entries) corroborate this description. The vulnerability impacts co...
CVE-2020-3938
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contains a request forgery vulnerability that allows attackers to probe the server's network architecture or read system files on the server via forged requests...
Squiz Matrix CMS Arbitrary File Deletion Vulnerability
Squiz Matrix CMS is an open source content management system with a highly usable interface. An arbitrary file deletion vulnerability exists in core/assets/form/form/formquestiontypes/formquestiontypefileupload/formquestiontypefileupload.inc in Squiz Matrix CMS. An attacker can exploit this...
A vulnerability in the Jackson-databind library, related to missing protection of service data, allows an attacker to read arbitrary files on the server.
A vulnerability in the Jackson-databind library is related to missing protection of service data. Exploiting this vulnerability allows a remote malicious actor to read arbitrary files on the server using a specially crafted JSON message...
A vulnerability in the Jackson-databind library, related to missing protection of service data, allows attackers to read arbitrary files on the server.
A vulnerability in the Jackson-databind library is related to missing protection of service data. Exploiting this vulnerability allows a remote malicious actor to read arbitrary files on the server by sending a specially crafted JSON message...
Arbitrary File Deletion Vulnerability in HkCMS
HkCMS is a free and open source content management system for building enterprise websites, with strong extension and secondary-development capabilities suited to lightweight enterprise system development and deployment. HkCMS arbitrary file deletion...
Arbitrary File Deletion Vulnerability in LeShang Mall
LeShares is a lightweight mall website management system based on a ThinkPHP5 + MySQL architecture, running on Linux, Windows, macOS, Solaris and various other platforms. LeShang Mall has an arbitrary file deletion vulnerability; an attacker can use it to delete arbitrary server files...
GHSA-X4W5-R546-X9QH Arbitrary File Read in html-pdf
All versions of html-pdf are vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input with an XHR request such as...
Path Traversal
Overview: All versions of @wturyn/swagger-injector are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the configured dist folder using relative paths. Recommendation: No fix is currently available. Consider using an alternative...
GHSA-CGJV-RGHQ-QHGP Path Traversal in algo-httpserv
Versions of algo-httpserv prior to 1.1.2 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: Upgrade to version 1.1.2 or later...
Path Traversal in algo-httpserv
Versions of algo-httpserv prior to 1.1.2 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: Upgrade to version 1.1.2 or later...
Path Traversal
Overview: All versions of statichttpserver are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: No fix is currently available. Consider using an alternative package until a...
Path Traversal in statichttpserver
All versions of statichttpserver are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: No fix is currently available. Consider using an alternative package until a fix is ma...
Arbitrary File Read
Overview: html-pdf before version 3.0.1 is vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input with an XHR request such as...
Path Traversal
Overview: All versions of f-serv are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files by using relative paths when fetching files. Recommendation: No fix is currently available. Consider using an alternative package until a fix is made...