
2194 matches found

NVD
added 2020/05/07 5:15 p.m., 9 views

CVE-2020-11431

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...

CVSS 9.1, AI score 9.1, EPSS 0.02091
Exploits: 0, References: 4

OSV
added 2020/05/07 5:15 p.m., 5 views

CVE-2020-11431

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...

CVSS 9.1, AI score 5.9, EPSS 0.02091
Exploits: 0, References: 4

Prion
added 2020/05/07 5:15 p.m., 13 views

Directory traversal

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...

CVSS 6.4, AI score 9, EPSS 0.02091
Exploits: 0, References: 4, Affected Software: 3

Cvelist
added 2020/05/07 4:9 p.m., 17 views

CVE-2020-11431

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...

AI score 9.1, EPSS 0.02091
Exploits: 0, References: 4

CNVD
added 2020/05/05 12:0 a.m., 3 views

OurPHP website builder system suffers from an arbitrary file read vulnerability.

OurPHP Aopia website building system is an enterprise + e-commerce marketing website building system. OurPHP website builder system has an arbitrary file reading vulnerability, which can be exploited by attackers to read arbitrary system files...

AI score 6.9
Exploits: 0

BDU FSTEC
added 2020/04/29 12:0 a.m., 9 views

The vulnerability of the fstream.DirWriter() function in the fstream package arises from insufficient input validation. This allows attackers to overwrite files in the system.

The vulnerability of the fstream.DirWriter function in the fstream package exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to remotely overwrite files on the system...

CVSS 7.8, AI score 7.2, EPSS 0.02416
Exploits: 0, References: 8, Affected Software: 6

CNVD
added 2020/04/28 12:0 a.m., 1 view

Harbin Weicheng Technology Co., Ltd. OurPHP has an arbitrary file deletion vulnerability

OurPHP is a W3C-compliant website building system developed on PHP+MySQL. Harbin Weicheng Technology Co., Ltd. OurPHP has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete any system files, and can further lead to the system being reinstalled...

AI score 7
Exploits: 0

CNVD
added 2020/04/14 12:0 a.m., 1 view

An arbitrary file download vulnerability exists in the xyhcms background

xyhcms is a completely open source CMS content management system, simple, easy to use, secure, stable and free. An arbitrary file download vulnerability exists in the xyhcms background; attackers can exploit the vulnerability to download sensitive system files...

AI score 7
Exploits: 0

CNVD
added 2020/04/14 12:0 a.m., 2 views

Unauthorized Access Vulnerability in Cloud Box Fortresses

Cloud Box is a security management tool for tenants to connect to cloud resources, helping cloud tenants manage virtual machines, databases, and other resources on the cloud more securely and granularly. An unauthorized access vulnerability exists in Cloud Box Fortress, which can be exploited by ...

AI score 7
Exploits: 0

Packet Storm
added 2020/04/13 12:0 a.m., 105 views

WSO2 API Manager Carbon Interface 3.0.0 File Delete

Document Title: WSO2 API Manager Delete Extension Arbitrary File Delete, Path traversal. CVE not assigned yet. Author: Raki Ben Hamouda. Security Update: https://apim.docs.wso2.com/en/latest/ Common Vulnerability Scoring System: 8.5. Affected...

AI score 7.4
Exploits: 0

Veracode
added 2020/04/10 12:44 a.m., 26 views

Cross-site Request Forgery (CSRF)

cups is vulnerable to cross-site request forgery (CSRF). A remote attacker could trick a user who is logged into the CUPS web interface as an administrator into visiting a specially crafted website; the attacker could then reconfigure and disable CUPS, and gain access to...

CVSS 6, AI score 2.9, EPSS 0.01275
Exploits: 0, References: 18, Affected Software: 1

NVD
added 2020/04/08 6:15 p.m., 23 views

CVE-2020-10263

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend...

CVSS 7.2, AI score 6.7, EPSS 0.0052
Exploits: 1, References: 3

Prion
added 2020/04/08 6:15 p.m., 13 views

Command injection

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the miconsole command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, ...

CVSS 7.2, AI score 6.8, EPSS 0.00549
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2020/04/08 5:31 p.m., 29 views

CVE-2020-10263

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend...

AI score 6.7, EPSS 0.0052
Exploits: 1, References: 3

Cvelist
added 2020/04/08 5:26 p.m., 33 views

CVE-2020-10262

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the miconsole command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, ...

AI score 6.8, EPSS 0.00549
Exploits: 1, References: 3

ATTACKERKB
added 2020/04/08 12:0 a.m., 21 views

CVE-2020-1985

Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions of Secdo for Windows. Recent assessments: xFreed0m at April 10, 2020 3:06pm UTC reported: CVE-2020-1985...

CVSS 7.8, AI score 1.8, EPSS 0.00254
Exploits: 0, References: 2

NVD
added 2020/03/27 8:15 a.m., 22 views

CVE-2020-10508

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...

CVSS 7.5, AI score 7.5, EPSS 0.0147
Exploits: 0, References: 2

Prion
added 2020/03/27 8:15 a.m., 17 views

Information disclosure

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...

CVSS 5, AI score 7.5, EPSS 0.0147
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2020/03/27 7:35 a.m., 21 views

CVE-2020-10508 Sunnet eHRD - Sensitive Data Exposure

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...

CVSS 7.5, AI score 7.5, EPSS 0.0147
Exploits: 0, References: 2

CVE
added 2020/03/27 7:35 a.m., 73 views

CVE-2020-10508

CVE-2020-10508 affects Sunnet eHRD, a human training and development management system. The vulnerability is an information-disclosure flaw caused by improper storage of system files, enabling an attacker to access confidential information via a specific URL. Multiple sources (NVD and CVE lists) ...

CVSS 7.5, AI score 7.5, EPSS 0.0147
Exploits: 0, References: 2, Affected Software: 1