17 matches found
EUVD-2009-4267
Malware in sbrugna...
EUVD-2015-6608
Malware in sbrugna...
EUVD-2022-2534
Malicious code in bioql PyPI...
CVE-2023-51006
An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors...
CVE-2020-8278
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user...
PT-2024-19351 · Ibm · Ibm Txseries For Multiplatforms
Name of the Vulnerable Software and Affected Versions: IBM TXSeries for Multiplatforms version 8.2 Description: The issue allows web pages to be stored locally, which can then be read by another user on the system. Recommendations: For IBM TXSeries for Multiplatforms version 8.2, consider...
CVE-2024-3025 Path Traversal in mintplex-labs/anything-llm
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can...
WordPress Plugin Error Log Viewer by BestWebSoft Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
CVE-2023-6879
A heap-based buffer overflow vulnerability was found in AOM. When increasing the resolution of video frames during a multi-threaded encode, a heap overflow may occur in av1_loop_restoration_dealloc within thread_common.c, leading to a denial of service or unauthorized reading of memory. Mitigation...
CVE-2023-22061
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Visual Analyzer. The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2018-12713
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was...
F5 BIG-IP - SOAP parser vulnerability CVE-2013-1824
The remote host is missing a security patch. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...
Design/Logic Flaw
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an...
PostgreSQL: Multiple vulnerabilities
Background: PostgreSQL is an open source object-relational database management system. Description: PostgreSQL does not correctly check the data types of the SQL function arguments under unspecified circumstances nor the format of the provided tables in the query planner. Impact: A remote...
Microsoft Windows XMLHTTP component allows remote access to local data sources
Overview: The Microsoft XMLHTTP ActiveX control allows unauthorized reading of any known file on a system. A victim must be enticed to visit a malicious site in order to be attacked. Description: Description from MS02-008: Microsoft XML Core Services (MSXML) includes the XMLHTTP ActiveX control, which...
Generation Terrorists Designs Concepts Sojourn 2.0 - File Access
Source: https://www.securityfocus.com/bid/1052/info Any file that the webserver has read access to can be read on a server running the Sojourn search engine. The Sojourn software includes the ability to organize a website into...
CVE-1999-0296
Solaris volrmmount program allows attackers to read any file...