
2185 matches found

CNVD
added 2017/12/21 12:0 a.m. | 1 view

Arbitrary File Read Vulnerability in Rice CMS

DAMI CMS is a free, open-source, fast, simple PC and mobile site integration system, committed to providing users with simple, fast PC and smartphone site-building solutions. A vulnerability exists in version 5.9.9 of DAMI CMS, which can be exploited by...

AI score: 6.6
Exploits: 0

Prion
added 2017/12/20 6:29 p.m. | 10 views

Path traversal

Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack also known as directory traversal. These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.01372
Exploits: 0 | References: 2 | Affected Software: 1

Hacker One
added 2017/12/08 12:44 p.m. | 18 views

Node.js third-party modules: [serve-here] Static Web Server Directory Traversal via Crafted GET Request

Hi, A crafted GET request can be leveraged to traverse the directory structure of a host using the serve-here web server package, and request arbitrary files outside of the specified web root. Module specification Name: serve-here Version: 3.2.0 latest release build Verified conditions Test serve...

AI score: 7
Exploits: 0

OpenVAS
added 2017/11/21 12:0 a.m. | 22 views

Octopus Deploy Directory Traversal Vulnerability

In Octopus Deploy, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value. SPDX-FileCopyrightText: 2017 Greenbone ...

CVSS: 6.3 | AI score: 5.6 | EPSS: 0.01222
Exploits: 0 | References: 1

CNVD
added 2017/11/20 12:0 a.m. | 3 views

Jooan IP Camera A5 FTP Vulnerability

Jooan IP Camera A5 is a network camera product of China Jooan Shenzhen Jooan Technology Company. A security vulnerability exists in the Jooan IP Camera A5 version 2.3.36. A remote attacker can exploit the vulnerability to read or replace core system files used for authentication and take control ...

CVSS: 10 | AI score: 7.1 | EPSS: 0.02562
Exploits: 0 | References: 1

Prion
added 2017/11/17 11:29 p.m. | 23 views

Authentication flaw

On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication such as passwd and shadow. This can be abused to take full root level control of the device...

CVSS: 10 | AI score: 9.5 | EPSS: 0.02562
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2017/11/17 11:29 p.m. | 21 views

CVE-2017-16566

On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication such as passwd and shadow. This can be abused to take full root level control of the device...

CVSS: 10 | AI score: 9.6 | EPSS: 0.02562
Exploits: 0 | References: 1

Cvelist
added 2017/11/17 11:0 p.m. | 28 views

CVE-2017-16566

On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication such as passwd and shadow. This can be abused to take full root level control of the device...

AI score: 9.7 | EPSS: 0.02562
Exploits: 0 | References: 1

Securelist
added 2017/10/31 9:0 a.m. | 80 views

Tales from the blockchain

Cryptocurrency has gradually evolved from an element of a new world, utopian economy to a business that has affected even those sectors of society least involved in information technology. At the same time, it has acquired a fair number of "undesirable" supporters who aim to enrich themselves at...

AI score: 7
Exploits: 0

CNVD
added 2017/10/25 12:0 a.m. | 1 view

Samba Arbitrary File Write Vulnerability

Samba is free software that allows UNIX operating systems to link with the SMB/CIFS network protocol of the Microsoft Windows operating system. A security vulnerability exists in Samba that allows remote attackers to exploit the vulnerability to submit special requests to arbitrarily write or...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.0759
Exploits: 0 | References: 1

CNVD
added 2017/10/19 12:0 a.m. | 2 views

Juniper Contrail Information Disclosure Vulnerability

Juniper Contrail is a suite of cloud-based security solutions from Juniper Networks, Inc. The solution provides intelligent automation, application security and reliability for cloud and NFV. A security vulnerability exists in the ifmap service in Juniper Contrail that stems from the program's us...

CVSS: 6.4 | AI score: 5.3 | EPSS: 0.013
Exploits: 1 | References: 1

Prion
added 2017/10/13 5:29 p.m. | 17 views

XXE

The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0...

CVSS: 5 | AI score: 5.1 | EPSS: 0.02278
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2017/10/13 5:29 p.m. | 25 views

CVE-2017-10617

The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0...

CVSS: 5 | AI score: 5.1 | EPSS: 0.02278
Exploits: 1 | References: 2

Cvelist
added 2017/10/13 5:0 p.m. | 25 views

CVE-2017-10617 Contrail: XML External Entity (XXE) vulnerability

The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0...

CVSS: 5 | AI score: 5.1 | EPSS: 0.02278
Exploits: 1 | References: 2

Prion
added 2017/10/03 1:29 a.m. | 15 views

XXE

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.01311
Exploits: 1 | References: 2 | Affected Software: 1

Tenable Nessus
added 2017/09/27 12:0 a.m. | 28 views

FreeBSD : sugarcrm -- multiple vulnerabilities (3b776502-f601-44e0-87cd-b63f1b9ae42a)

sugarcrm developers report : An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 and Sugar Community Edition 6.5.26. Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection...

CVSS: 8.8 | AI score: 7 | EPSS: 0.05766
Exploits: 3 | References: 10

OpenVAS
added 2017/09/26 12:0 a.m. | 18 views

SugarCRM Multiple Vulnerabilities (Sep 2017)

SugarCRM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sugarcrm:sugarcrm"; if description...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.05766
Exploits: 3 | References: 3

CNVD
added 2017/09/19 12:0 a.m. | 2 views

Directory Traversal Vulnerability in Tenda W15E Devices

The Tenda W15E is a dual-band wireless router from China's Tenda. A directory traversal vulnerability exists in Tenda W15E devices, which allows remote attackers to submit a special request to view the contents of system files in an application context...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.02094
Exploits: 0 | References: 1

CNVD
added 2017/09/18 12:0 a.m. | 2 views

SugarCRM Remote File Inclusion Vulnerability

SugarCRM Professional is a professional version of an open source customer relationship management (CRM) system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.05766
Exploits: 1 | References: 1

Prion
added 2017/09/17 9:29 p.m. | 14 views

Input validation

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 and Sugar Community Edition 6.5.26. A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a...

CVSS: 6.5 | AI score: 8.4 | EPSS: 0.05766
Exploits: 1 | References: 3 | Affected Software: 1