CWE:
 

Topic
Date
Author
Med.
Nanometrics Centaur / TitanSMA Unauthenticated Remote Memory Leak
19.02.2020
byteGoblin
Med.
Sentrifugo Human Resource Management System 3.2 File Disclosure
02.05.2019
KingSkrupellos
Med.
WordPress lbg_zoominoutslider Plugins 5.0.3 File Information Exposure
14.01.2019
KingSkrupellos
Med.
WordPress lbg-audio5-html5-shoutcast_sticky 4.9.x File Information Exposure
14.01.2019
KingSkrupellos
Med.
WordPress all_in_one_bannerWithPlaylist Plugins 5.0.3 File Information Exposure
14.01.2019
KingSkrupellos
Med.
WordPress all_in_one_bannerRotator Plugins 4.9.9 File Information Exposure
14.01.2019
KingSkrupellos
Med.
WordPress lbg-audio8-html5-radio_ads Plugins 4.9.x File Information Exposure
14.01.2019
KingSkrupellos
Med.
Sophos UTM 9 Management Appplication Local File Inclusion
25.10.2017
Matt Bergin
Low
SPIP 3.1.2 File Enumeration / Path Traversal
20.10.2016
Nicolas CHATELAIN


CVEMAP Search Results

CVE
Details
Description
2021-04-08
Waiting for details
CVE-2021-1406

Updating...
 

 
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.

 
2021-01-15
Low
CVE-2021-21250

Vendor: Onedev project
Software: Onedev
 

 
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migrate(buildSpecString); which processes the XML document without preventing the expansion of external entities. These entities can be configured to read arbitrary files from the file system and dump their contents in the final XML document to be migrated. If the files are dumped in properties included in the YAML file, it will be possible for an attacker to read them. If not, it is possible for an attacker to exfiltrate the contents of these files Out Of Band. This issue was addressed in 4.0.3 by ignoring ENTITY instructions in xml file.

 
2019-08-21
Low
CVE-2019-12623

Updating...
 

 
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system.

 
2019-08-01
Low
CVE-2018-20932

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).

 
2019-05-21
Low
CVE-2019-10320

Vendor: Jenkins
Software: Credentials
 

 
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

 
2019-01-07
Low
CVE-2018-11798

Vendor: Apache
Software: Thrift
 

 
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.

 
2018-09-12
Low
CVE-2018-16970

Vendor: Wisetail
Software: Learning man...
 

 
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.

 
2018-06-11
Low
CVE-2017-5387

Vendor: Mozilla
Software: Firefox
 

 
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.

 
2018-05-15
Medium
CVE-2018-10590

Vendor: Advantech
Software: Webaccess
 

 
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top