47 matches found
SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpenFile method. The issue results from the lack of proper validati...
CVE-2024-1703
A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The...
Path traversal
A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The...
CVE-2024-1703 ZhongBangKeJi CRMEB openfile absolute path traversal
A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The...
CRMEB Security Vulnerabilities
Zhongbang CRMEB is an open source e-commerce management system from Zhongbang in Xi'an, China. A security vulnerability exists in CRMEB version 5.2.2; it stems from a path traversal flaw in the openfile function of the file /adminapi/system/file/openfile...
PT-2024-18236 · Zhongbangkeji · Crmeb
Name of the Vulnerable Software and Affected Versions: ZhongBangKeJi CRMEB version 5.2.2 Description: A problematic issue has been found in the software, affecting the openfile function of the file "/adminapi/system/file/openfile". This issue leads to absolute path traversal. The exploit has been...
CVE-2023-51006
An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors...
Chinese Perpetual Calendar Security Vulnerability
Chinese Perpetual Calendar 微鲤万年历 is a mobile calendar application. A security vulnerability exists in Chinese Perpetual Calendar version v9.0.0, which originates from an arbitrary file read vulnerability in the openFile method...
CVE-2023-51006
CVE-2023-51006 affects Chinese Perpetual Calendar v9.0.0. The openFile method reportedly allows attackers to read any file via unspecified vectors. According to the initial records, the vulnerability has a Network attack vector with low complexity, no privileges or user interaction required, and ...
ASB-A-236688380
In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
SUSE CVE-2006-6169
Heap-based buffer overflow in the askoutfilename function in openfile.c for GnuPG gpg 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the makeprintablestring function to return a longer string than...
CVE-2022-20220
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android...
Heap overflow
In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2021-0693
CVE-2021-0693 pertains to Android 11 and involves the HeapDumpProvider.java openFile path, where an unprotected provider could allow retrieving generated heap dumps from debuggable apps. This creates a local information disclosure risk without requiring privileges or user interaction. The vulnera...