2194 matches found
CVE-2020-11431
The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...
CVE-2020-11431
The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...
Directory traversal
The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...
CVE-2020-11431
The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...
OurPHP website builder system suffers from an arbitrary file read vulnerability.
OurPHP Aopia website building system is an enterprise + e-commerce marketing website building system. OurPHP website builder system has an arbitrary file reading vulnerability, which can be exploited by attackers to read arbitrary system files...
The vulnerability of the fstream.DirWriter() function in the fstream package arises from insufficient input validation. This allows attackers to overwrite files in the system.
The vulnerability of the fstream.DirWriter function in the fstream package exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to remotely overwrite files on the system...
Harbin Weicheng Technology Co., Ltd. OurPHP has an arbitrary file deletion vulnerability
OurPHP is a PHP+MySQL-based, W3C-compliant website building system. Harbin Weicheng Technology Co., Ltd. OurPHP has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete any system files, and can further lead to the system being reinstalled...
xyhcms background has an arbitrary file download vulnerability
xyhcms is a completely open source CMS content management system, simple, easy to use, secure, stable and free. The xyhcms background has an arbitrary file download vulnerability; attackers can exploit the vulnerability to download sensitive system files...
Unauthorized Access Vulnerability in Cloud Box Fortresses
Cloud Box is a security management tool for tenants to connect to cloud resources, helping cloud tenants manage virtual machines, databases, and other resources on the cloud more securely and granularly. An unauthorized access vulnerability exists in Cloud Box Fortress, which can be exploited by ...
WSO2 API Manager Carbon Interface 3.0.0 File Delete
Document Title: WSO2 API Manager Delete Extension Arbitrary File Delete (Path traversal). CVE not assigned yet. Author: Raki Ben Hamouda. Security Update: https://apim.docs.wso2.com/en/latest/ Common Vulnerability Scoring System: 8.5. Affected...
Cross-site Request Forgery (CSRF)
cups is vulnerable to cross-site request forgery (CSRF). The vulnerability exists because a remote attacker could trick a user, who is logged into the CUPS web interface as an administrator, into visiting a specially crafted website; the attacker could then reconfigure and disable CUPS, and gain access to...
CVE-2020-10263
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get a root shell by accessing the UART interface, and then they can (i) read the Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend...
Command injection
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the miconsole command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read the Wi-Fi SSID or password, ...
CVE-2020-10263
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get a root shell by accessing the UART interface, and then they can (i) read the Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend...
CVE-2020-10262
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the miconsole command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read the Wi-Fi SSID or password, ...
CVE-2020-1985
Incorrect Default Permissions on the C:\Programdata\Secdo\Logs folder in Secdo allow local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions of Secdo for Windows. Recent assessments: xFreed0m at April 10, 2020 3:06pm UTC reported: CVE-2020-1985...
CVE-2020-10508
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...
Information disclosure
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...
CVE-2020-10508 Sunnet eHRD - Sensitive Data Exposure
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...
CVE-2020-10508
CVE-2020-10508 affects Sunnet eHRD, a human training and development management system. The vulnerability is an information-disclosure flaw caused by improper storage of system files, enabling an attacker to access confidential information via a specific URL. Multiple sources (NVD and CVE lists) ...