26 matches found
EUVD-2019-7134
Malware in sbrugna...
CVE-2024-46898
SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests...
CVE-2024-46898
SHIRASAGI before v1.19.1 is vulnerable to a path traversal issue caused by improper handling of URLs in HTTP requests. The vulnerability may allow an attacker to retrieve arbitrary server files when processing crafted HTTP requests. Mitigation: upgrade to SHIRASAGI v1.19.1 (or later) as released ...
Exploit for Path Traversal in Jenkins
🤵🏻 CVE-2024-23897 Arbitrary-file-read 🤵🏻 ...
CVE-2023-25606
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability (CWE-23) in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the...
Geonetwork 4.2.0 - XML External Entity Vulnerability
Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description: GeoNetwork 3.1.x through...
CVE-2022-28213
CVE-2022-28213 concerns SAP BusinessObjects BI Platform (SOAP Web services) where XML input from an untrusted source is insufficiently validated, enabling XML External Entity (XXE) style behavior. Public entries identify affected releases as SAP BusinessObjects BI Platform 4.2/4.3; the issue can ...
Aternity SteelCentral AppInternals Directory Traversal Vulnerability (CNVD-2022-22670)
Aternity SteelCentral AppInternals is a monitoring modern automation solution from Aternity, Inc. A directory traversal vulnerability exists in Aternity SteelCentral AppInternals, which stems from the fact that /api/appInternals/1.0/plugin/pmx does not perform any validation of user input that...
Arbitrary file deletion
An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docsfile HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter which retrieves the contents of the specified...
Design/Logic Flaw
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band...
XXE
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity XXE. An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band...
CVE-2017-15685
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity XXE. An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band...
Processwire CMS 2.4.0 Local File Inclusion
Exploit Title: Local File Inclusion Processwire CMS 2.4.0 Vulnerability Type: Unauthenticated LFI Date: 03.11.2020 Exploit Author: Y1LD1R1M Type: WEBAPPS Platform: PHP Vendor Homepage: https://processwire.com/ Version: 2.4.0 Tested on: Kali Linux Description Local File Inclusion in Processwire CM...
FreeBSD : typo3 -- multiple vulnerabilities (eab964f8-d632-11ea-9172-4c72b94353b5)
Typo3 Team reports: In case an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. Thi...
CVE-2013-2738
minidlna has SQL Injection that may allow retrieval of arbitrary files...
Directory Traversal
servey is vulnerable to directory traversal. A lack of validation of the URL allows a remote attacker to retrieve system files by using the ../ characters...
Information Disclosure
phpmyadmin is vulnerable to information disclosure. An attacker with access to the login system and configuration storage tables is able to retrieve local files due to an error in the transformation feature...
F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K00363258)
A local file vulnerability exists in the BIG-IP Configuration utility that exposes files containing F5-provided data only; these files do not include configuration data, proxied traffic, or other potentially sensitive customer data. (CVE-2018-5525) Impact: Authenticated users may be able to retrieve files...