Lucene search
K

26 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-7134

Malware in sbrugna...

6.5CVSS6.3AI score0.01086EPSS
Exploits1References2
NVD
NVD
added 2024/10/15 7:15 a.m.16 views

CVE-2024-46898

SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests...

8.6CVSS0.01016EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/15 6:10 a.m.10 views

CVE-2024-46898

SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests...

8.6CVSS6.9AI score0.01016EPSS
Exploits0References3
CVE
CVE
added 2024/10/15 6:10 a.m.61 views

CVE-2024-46898

SHIRASAGI before v1.19.1 is vulnerable to a path traversal issue caused by improper handling of URLs in HTTP requests. The vulnerability may allow an attacker to retrieve arbitrary server files when processing crafted HTTP requests. Mitigation: upgrade to SHIRASAGI v1.19.1 (or later) as released ...

8.6CVSS6.9AI score0.01016EPSS
Exploits0References3Affected Software1
GithubExploit
GithubExploit
added 2024/02/20 3:26 p.m.288 views

Exploit for Path Traversal in Jenkins

🤵🏻 CVE-2024-23897 Arbitrary-file-read 🤵🏻 ============= ---------...

9.8CVSS9AI score0.99999EPSS
Exploits46
NVD
NVD
added 2023/07/11 5:15 p.m.28 views

CVE-2023-25606

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-23 in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the...

6.5CVSS6.5AI score0.00554EPSS
Exploits0References1
0day.today
0day.today
added 2022/07/31 12:0 a.m.183 views

Geonetwork 4.2.0 - XML External Entity Vulnerability

Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description: GeoNetwork 3.1.x through...

0.1AI score
Exploits0
CVE
CVE
added 2022/04/12 4:11 p.m.743 views

CVE-2022-28213

CVE-2022-28213 concerns SAP BusinessObjects BI Platform (SOAP Web services) where XML input from an untrusted source is insufficiently validated, enabling XML External Entity (XXE) style behavior. Public entries identify affected releases as SAP BusinessObjects BI Platform 4.2/4.3; the issue can ...

8.1CVSS8.1AI score0.12476EPSS
Exploits4References3Affected Software1
CNVD
CNVD
added 2022/03/14 12:0 a.m.12 views

Aternity SteelCentral AppInternals Directory Traversal Vulnerability (CNVD-2022-22670)

Aternity SteelCentral AppInternals is a monitoring modern automation solution from Aternity, Inc. A directory traversal vulnerability exists in Aternity SteelCentral AppInternals, which stems from the fact that /api/appInternals/1.0/plugin/pmx does not perform any validation of user input that...

9.8CVSS4.4AI score0.01544EPSS
Exploits0References1
Prion
Prion
added 2021/01/15 7:15 a.m.14 views

Arbitrary file deletion

An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docsfile HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter which retrieves the contents of the specified...

4CVSS4.9AI score0.0168EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2020/11/27 6:15 p.m.12 views

Xxe

Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity XXE. An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band...

5CVSS8.5AI score0.01655EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/11/27 6:15 p.m.12 views

Design/Logic Flaw

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band...

5CVSS8.5AI score0.01516EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/11/27 5:26 p.m.34 views

CVE-2017-15685

Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity XXE. An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band...

8.6AI score0.01655EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2020/11/03 12:0 a.m.328 views

Processwire CMS 2.4.0 Local File Inclusion

Exploit Title: Local File Inclusion Processwire CMS 2.4.0 Vulnerability Type: Unauthenticated LFI Date: 03.11.2020 Exploit Author: Y1LD1R1M Type: WEBAPPS Platform: PHP Vendor Homepage: https://processwire.com/ Version: 2.4.0 Tested on: Kali Linux Description Local File Inclusion in Processwire CM...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/08/06 12:0 a.m.28 views

FreeBSD : typo3 -- multiple vulnerabilities (eab964f8-d632-11ea-9172-4c72b94353b5)

Typo3 Team reports : In case an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. Thi...

8.8CVSS8.5AI score0.02229EPSS
Exploits1References6
NVD
NVD
added 2019/11/01 12:15 p.m.29 views

CVE-2013-2738

minidlna has SQL Injection that may allow retrieval of arbitrary files...

9.8CVSS10AI score0.02177EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2019/11/01 12:15 p.m.31 views

CVE-2013-2738

minidlna has SQL Injection that may allow retrieval of arbitrary files...

9.8CVSS7.3AI score0.02177EPSS
Exploits1References2
Veracode
Veracode
added 2019/04/04 6:39 a.m.16 views

Directory Traversal

servey is vulnerable to directory traversal. A lack of validation of the URL allows a remote attacker to retrieve system files by using the ../ characters...

7.5CVSS7.3AI score0.01986EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2018/12/12 9:37 a.m.28 views

Information Disclosure

phpmyadmin is vulnerable to information disclosure. An attacker with access to the login system and configuration storage tables is able to retrieve local files due to an error in the transformation feature...

6.5CVSS6AI score0.03254EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.29 views

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K00363258)

A local file vulnerability exists in the BIG-IP Configuration utility that exposes files containing F5-provided data only, and do not include configuration data, proxied traffic, or other potentially sensitive customer data. CVE-2018-5525 Impact Authenticated users may be able to retrieve files...

4.3CVSS5.1AI score0.01008EPSS
Exploits0References2
Rows per page
Query Builder