DEBIAN-CVE-2017-5661

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...

SECCN User Behavior Management Firewall Has Information Disclosure Vulnerability

SECCN User Behavior Management Firewall is an application gateway firewall based on a security protocol stack. The SECCN User Behavior Management Firewall suffers from an information leakage vulnerability. An attacker can exploit this vulnerability to obtain sensitive server files, posing an...

CVE-2016-8017

Special element injection vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows authenticated remote attackers to read files on the webserver via a crafted user input...

CVE-2017-6527

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user by using the viewAppletFsa.cgi seqID parameter...

ZoneMinder 'web/views/file.php' local file inclusion vulnerability

Zoneminder is an open source web application on a centralized server that, in versions 1.0-1.30.0, allows authenticated attackers to read the local file system e.g., /etc/passwd...

Information Disclosure

ImageMagick is vulnerable to information disclosure. A malicious user can send a malicious image to the system which when processed, can lead to the disclosure of files in the server...

Directory traversal

The patch for directory traversal CVE-2017-5480 in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ../ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether...

pdfbox: XML External Entity vulnerability

It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks...

BlueShield Web Tamper Protection System suffers from information leakage vulnerability

BlueShield Web Tamper Protection System is a web page tampering prevention product. Blue Shield Web Tamper Protection System has an information leakage vulnerability. Allows attackers to exploit the vulnerability to obtain sensitive server files...

CVE-2016-6612

An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

CVE-2016-6612

An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

XStream: enabled processing of external entities

It was found that several XML parsers used by XStream had default settings that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks...

File Containment Vulnerability in Minyou Website Builder System

Minyou web site building system is developed by java content management system is mostly used in government, school management system. The product's download.jsp page pathfile parameter exists arbitrary file download vulnerability, poc for: http://host/download.jsp?pathfile=/... /... /... /... /...

Trello: File access using image tragick

While Trello had patched our image libraries to prevent the RCE vulnerability in ImageMagick, we had not applied a patch to prevent arbitrary file reads via labels in mvg files. After resolving the issue, we were able to determine that no files had actually been accessed using this vulnerability,...

WordPress Real3D FlipBook Plugin - Multiple Vulnerabilities

Real3D FlipBook plugin is prone to multiple vulnerabilities, such as XSS. An attacker can upload images in root directory and delete any files from the server. Solution Update WordPress plugin to the newest stable and safe version...

Command Execution Vulnerability in NETRUN VPN Internet Behavior Management Router Login System

Nanjing Runye Technology Co., Ltd. specializes in computer software, hardware research and development, sales and system integration. A command execution vulnerability exists in the NETRUN VPN Internet Behavior Management Router login system. It allows attackers to remotely execute commands and...

FFmpeg remote file stealing vulnerabilities – moving end of the safety analysis report-vulnerability warning-the black bar safety net

0x1 vulnerability of origin FFmpeg remote file stealing vulnerabilities original source is Foreign vulnerability of the platform,the last year has been in the CTF match is used. Official in January of this year released the fixed version and published the vulnerability number CVE-2 0 1 6-1 8 9...

batik: XML External Entity (XXE) injection in SVG parsing

It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more...

Zenphoto 1.4.10 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Zenphoto 1.4.10 - Local File Inclusion Vulnerability Vendor: ==================== www.zenphoto.org Product: =================== Zenphoto 1.4.10 Vulnerability Details: ====================== Zen Photos pluginDoc.php PHP file is vulnerable to...

ManageEngine Firewall Analyzer vulnerable to directory traversal

Overview ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. ManageEngine Firewall Analyzer contains a directory traversal vulnerability. Mukai Akihito and Hasegawa Tomoshige reported this vulnerability...