20 matches found
OpenClaw Information Disclosure Vulnerability
OpenClaw is an open-source artificial intelligence assistant. OpenClaw has an information disclosure vulnerability that stems from the isValidMedia function allowing arbitrary file paths, which an attacker can exploit to cause arbitrary file reads and the disclosure of...
EUVD-2005-2850
Malware in sbrugna...
EUVD-2024-25836
Malicious code in bioql PyPI...
CVE-2025-46407
A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the...
CVE-2025-32468
A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based...
CVE-2024-28748
A remote attacker with high privileges may use a reading file function to inject OS commands...
CVE-2024-28748 ifm: Reading function in Smart PLC allows command injections
A remote attacker with high privileges may use a reading file function to inject OS commands...
CVE-2024-28748 ifm: Reading function in Smart PLC allows command injections
A remote attacker with high privileges may use a reading file function to inject OS commands...
PT-2024-22556 · Ifm · Smart Plc Ac14Xx Firmware +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A remote attacker with high privileges may use a reading file function to inject OS commands. There is no information provided about the estimated numbe...
PT-2024-23313 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm affected versions not specified Description: The issue is due to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the logo filename parameter in the...
Apache OFBiz Code Issue Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a set of Java-based Web application components and tools. Apache OFBiz suffers from a server-side request forgery vulnerability that can be exploited by an attacker ...
CVE-2022-44268
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file if the magick binary has permissions to read it...
libwebp: excessive memory allocation when reading a file
A flaw was found in libwebp. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability...
Adobe Illustrator Resource Management Error Vulnerability
Adobe Illustrator 2021 is a vector graphics software. Adobe Illustrator 2021 25.2.3 and earlier versions are affected by a use-after-free vulnerability. An attacker could exploit this vulnerability to perform an arbitrary file system read...
CVE-2020-7646
curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input...
CVE-2018-3732
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path...
Juniper Junos FreeBSD libc db Information Disclosure (JSA10756)
According to its self-reported version number, the remote Juniper Junos device is affected by an information disclosure vulnerability in the underlying FreeBSD operating system libc db interface due to improper initialization of memory for Berkeley DB 1.85 database structures. A local attacker ca...
CVE-2014-3209
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file...
ALCASAR-Remote
By sending a specially crafted value in the "host" HTTP header, it is possible to inject the exec function in order to execute commands as the Apache user. ALCASAR = 2.8 Remote Root Code Execution Vulnerability. Author: eF. Date: 2014-02-10...
CVE-2007-1191
The Social Bookmarks del.icio.us plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file...