CloudBees Jenkins Google OAuth Credentials Plugin Arbitrary File Read Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools. A security vulnerability in CloudBees Jenkins Google OAuth Credentials Plugin allows remote attackers to exploit the vulnerability to submit a special request that can read the contents of system files on the...
XML External Entity (XXE)
Raml parser is vulnerable to XML external entity attacks. The attack is possible because an XML input containing a reference to an external entity is not blocked by the XML parser, allowing an attacker to inject malicious XML files to retrieve system files or perform requests on behalf of the...
Cisco Wireless LAN Controller Software Path Traversal Vulnerability
Cisco Wireless LAN Controller (WLC) Software is a suite of software from Cisco for configuring and managing Wireless LAN Controllers (WLCs). A path traversal vulnerability exists in Cisco WLC Software versions prior to 8.10, which stems from the program's failure to properly handle user-submitted inp...
CVE-2019-15266
A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An...
Directory traversal
A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An...
CVE-2019-15266 Cisco Wireless LAN Controller Path Traversal Vulnerability
A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An...
CVE-2019-15266
Cisco WLC Path Traversal (CVE-2019-15266) is a local directory-traversal vulnerability in the CLI that could let an authenticated, local attacker view restricted system files by exploiting improper sanitization of filenames in command-line parameters. Connected sources confirm the issue affects C...
Cisco Wireless LAN Controller Path Traversal Vulnerability
A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An...
XML External Entity (XXE)
async-http-client is vulnerable to XML external entity attacks. The external DTD support in the Webdav module is not disabled, allowing attackers to access and retrieve system files, submit requests on behalf of the server, or potentially cause a denial of service...
CVE-2019-3827
An incorrect permission check in the admin backend in gvfs was found that allows privileged users to read and modify arbitrary files without being asked for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users...
CVE-2019-0074
A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX...
CVE-2019-0074
The CVE-2019-0074 issue is a path traversal vulnerability in Juniper Junos OS affecting NFX150, QFX10K, EX9200, MX, and PTX series with NG-RE (vmhost). A local authenticated attacker can read sensitive system files via traversal in NG-RE paths. Affected are multiple firmware tracks: 15.1F before ...
KSLabs KSWEB hostFile parameter directory traversal vulnerability
KSLabs KSWEB is an open source server. A directory traversal vulnerability exists in the handling of the KSLabs KSWEB hostFile parameter, which can be exploited by remote attackers to submit a special request to view the contents of system files...
VulnCheck KEV: CVE-2018-13379
Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests...
XML External Entity (XXE)
selenium-firefox-driver is vulnerable to XML external entity attacks. External DTD declarations are not disabled, allowing a remote attacker to perform server-side request forgery attacks, local port scanning, access system files and possibly a denial of service attack...
CVE-2019-4442
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226...
The vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) stems from errors in validating input data in the NFVIS file system commands. This allows a malicious actor to overwrite any files in the operating system of the vulnerable device.
The vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to errors in checking input data within the NFVIS file system commands. Exploiting this vulnerability could allow a malicious actor to overwrite any files in the operating system of the vulnerable device...
The vulnerability in the SSL VPN web portal of the FortiOS operating system allows a hacker to gain access to system files.
The vulnerability in the SSL VPN web portal of the FortiOS operating system exists due to improper limitation of a path to a restricted directory. Exploiting this vulnerability could allow a malicious actor to gain access to system files by sending a specially crafted HTTP request...
IBM API Connect Path Traversal Vulnerability
IBM API Connect (APIConnect) is a suite of integrated solutions from IBM for managing the API lifecycle. The product supports creating, running, managing and securing APIs, microservices and more. A path traversal vulnerability exists in IBM API Connect. An attacker could exploit this...
CVE-2019-3974
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition...