Total: 271 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-32143 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2022-07-01 | 8.8 High |
In multiple CODESYS products, the file download and upload function allows access to internal files in the working directory, e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if a remote attacker has previously successfully authenticated himself to the controller. A successful attack may lead to a denial of service, change of local files, or drain of confidential information. User interaction is not required. | ||||
CVE-2022-30428 | 1 Ginadmin Project | 1 Ginadmin | 2022-06-08 | 7.5 High |
In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. | ||||
CVE-2015-5211 | 2 Debian, Vmware | 2 Debian Linux, Spring Framework | 2022-06-05 | 9.6 Critical |
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. | ||||
CVE-2020-11642 | 1 Br-automation | 1 Sitemanager | 2022-06-03 | 6.5 Medium |
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances. | ||||
CVE-2020-11641 | 1 Br-automation | 1 Sitemanager | 2022-06-03 | 6.5 Medium |
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances. | ||||
CVE-2022-29720 | 1 74cms | 1 74cmsse | 2022-06-03 | 7.5 High |
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php. | ||||
CVE-2022-29447 | 1 Wow-company | 1 Hover Effects | 2022-06-02 | 7.2 High |
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress. | ||||
CVE-2022-29446 | 1 Wow-company | 1 Counter Box | 2022-05-26 | 7.2 High |
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress. | ||||
CVE-2021-42644 | 1 Cmseasy | 1 Cmseasy | 2022-05-26 | 6.5 Medium |
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability. | ||||
CVE-2020-3927 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2022-05-25 | 7.5 High |
An arbitrary-file-access vulnerability exists in the ServiSign security plugin. As long as attackers learn the specific API function, they may access arbitrary files on the target system via a crafted API parameter. | ||||
CVE-2020-3926 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2022-05-24 | 7.5 High |
An arbitrary-file-access vulnerability exists in the ServiSign security plugin. As long as attackers learn the specific API function, they may access arbitrary files on the target system via a crafted API parameter. | ||||
CVE-2022-29302 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2022-05-20 | 5.5 Medium |
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php. | ||||
CVE-2022-0656 | 1 Webtoprint | 1 Web To Print Shop | 2022-05-12 | 7.5 High |
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php, etc.). | ||||
CVE-2022-28445 | 1 Kitesky | 1 Kitecms | 2022-05-02 | 6.5 Medium |
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module. | ||||
CVE-2022-26877 | 1 Asana | 1 Desktop | 2022-04-14 | 6.5 Medium |
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page. | ||||
CVE-2022-28002 | 1 Movie Seat Reservation Project | 1 Movie Seat Reservation | 2022-04-14 | 7.5 High |
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home. | ||||
CVE-2019-13140 | 1 Intenogroup | 2 Eg200, Eg200 Firmware | 2022-03-31 | 6.5 Medium |
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP. | ||||
CVE-2022-26271 | 1 74cms | 1 74cms | 2022-03-31 | 7.5 High |
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php. | ||||
CVE-2022-24075 | 1 Navercorp | 1 Whale | 2022-03-23 | 6.5 Medium |
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website, which could access local HWP files. When the HWP files were opened, the replaced script could read the files. | ||||
CVE-2022-25497 | 1 Cuppacms | 1 Cuppacms | 2022-03-23 | 5.3 Medium |
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. |