7 matches found
CVE-2023-1288
An XML External Entity injection XXE vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server...
CVE-2019-9187
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs...
Infogram: LFI through the MySQL connection
Hello team! I've found a way to read Infogram's server local files through the MySQL connection. The problem is that you're using the LOAD DATA LOCAL feature with your MySQL client. This how an attacker can easily send server's local files to her/his database. I've successfully readed the...
CVE-2019-9187
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs...
CVE-2018-3770
A path traversal exists in markdown-pdf version 9.0.0 that allows a user to insert a malicious html code that can result in reading the local files...
CVE-2018-5107
The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. Thi...
KLA10070 RLF vulnerability in Apache Tomcat
An improper class constriction vulnerability was found in Apache Tomcat. By exploiting this vulnerability malicious users can read arbitrary files. This vulnerability can be exploited from the network at a point related to the XML parser via a specially designed web application. Original advisori...