CVEMAP Search Results

CVE
Details
Description
2019-11-05
Medium
CVE-2019-17221

Vendor: Phantomjs
Software: Phantomjs
 

 
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.

 
2019-10-09
Low
CVE-2019-17112

 

 
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password).

 
2019-10-08
Low
CVE-2019-0381

Vendor: SAP
Software: Dynamic tier
 

 
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.

 
2019-10-04
Medium
CVE-2019-17130

Vendor: Vbulletin
Software: Vbulletin
 

 
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.

 
2019-09-26
Medium
CVE-2019-14273

Vendor: Silverstripe
Software: Silverstripe
 

 
In SilverStripe assets 4.0, there is broken access control on files.

 
2019-08-01
Medium
CVE-2016-10829

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).

 
2019-02-11
Medium
CVE-2018-9587

Vendor: Google
Software: Android
 

 
In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Android ID: A-113597344.

 
2019-01-22
Low
CVE-2017-6922

Vendor: Drupal
Software: Drupal
 

 
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56, private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.

 
2018-09-11
Medium
CVE-2018-16946

Vendor: LG
Software: Lnd7210 firmware
 

 
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.

 
2018-06-11
Medium
CVE-2018-5112

Vendor: Mozilla
Software: Firefox
 

 
Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58.

 

 


Copyright 2019, cxsecurity.com

 
