890 matches found
CVE-2017-9965
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files...
Directory traversal
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files...
FiyoCMS check_file.php arbitrary file read vulnerability
FiyoCMS is a content management system (CMS) for creating CMS templates. An arbitrary file read vulnerability exists in the FiyoCMS checkfile.php file. An attacker can exploit the vulnerability to read arbitrary files on the server...
Schneider Electric Pelco VideoXpert Enterprise Directory Traversal Vulnerability (CNVD-2017-38304)
Pelco VideoXpert Enterprise is an enterprise video management system. A directory traversal vulnerability exists in Schneider Electric Pelco VideoXpert Enterprise, which can be exploited by unauthorized attackers to view web server files...
CVE-2017-1000197
October CMS build 412 is vulnerable to file path modification in asset move functionality, resulting in creating malicious files on the server...
WordPress TablePress XML Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. TablePress is a plugin used in WordPress to create and manage tables. An XML injection vulnerability exists in WordPress...
Input validation
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to retrie...
CVE-2017-14025
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to retrie...
ABB FOX515T Information Disclosure Vulnerability
The FOX515 is a general-purpose communications platform based on time division multiplexing (TDM) technology. An information disclosure vulnerability in the ABB FOX515T version 1.0 allows a local attacker to supply malicious parameters to unauthenticated scripts for this application, enabling the...
Umbraco CMS XML External Entity Vulnerability
Umbraco is the leading open source Microsoft ASP.NET CMS. An XML external entity vulnerability exists in Umbraco CMS, which could allow an attacker to obtain sensitive information by reading files on the server or sending TCP requests to an intranet host...
DzzOffice v1.3.1 Arbitrary File Download Vulnerability in Frontend
DzzOffice is a cloud storage management tool, based on a free open source release, that can be used as a personal network disk or as a team or enterprise network disk. A front-end arbitrary file download vulnerability exists in DzzOffice v1.3.1 because the program fails to share path parameter for...
CVE-2017-6045
An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information...
CVE-2017-3098
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server...
Arbitrary File Write
thrushs is vulnerable to arbitrary file writes. Attackers are able to use thrushs to create files on a server...
XXE Vulnerability in the Purview.asmx File of the MicroXia Online Learning Platform
MicroXia Online Learning Platform is an online education system based on B/S architecture. An XXE vulnerability exists in the Purview.asmx file of MicroXia Online Learning Platform. An attacker can exploit the vulnerability to remotely read arbitrary files on the server...
Design/Logic Flaw
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed...
CVE-2017-7503
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed...
I, Librarian PDF Manager Directory Enumeration Vulnerability
I, Librarian PDF Manager is an online service that will organize your collection of PDF and office documents. A directory enumeration vulnerability exists in I, Librarian PDF Manager, which can be exploited by an attacker to enumerate files in a web server directory...
CVE-2017-5661
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...