CWE:
 

Sorry. No results for Bugtraq WLB2


CVEMAP Search Results

CVE
Details
Description
2022-05-19
Low
CVE-2022-29446

Vendor: Wow-company
Software: Counter box
 

 
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress.

 
2022-05-12
Low
CVE-2022-29302

Updating...
 

 
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php.

 
2022-05-05
Medium
CVE-2022-28462

Vendor: Novel-plus project
Software: Novel-plus
 

 
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.

 
2022-04-25
Waiting for details
CVE-2022-0656

Updating...
 

 
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc)

 
2022-04-09
Low
CVE-2022-26877

Vendor: Asana
Software: Desktop
 

 
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.

 
2022-04-08
Medium
CVE-2022-28002

Vendor: Movie seat reservation project
Software: Movie seat r...
 

 
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.

 
2022-04-05
Medium
CVE-2021-43008

Vendor: Adminer
Software: Adminer
 

 
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.

 
2022-03-28
Medium
CVE-2022-26271

Vendor: 74cms
Software: 74cms
 

 
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php.

 
2022-03-17
Low
CVE-2022-24075

Vendor: Navercorp
Software: Whale
 

 
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.

 
2022-03-15
Medium
CVE-2022-25497

Vendor: Cuppacms
Software: Cuppacms
 

 
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top