• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-552

CVE-2019-17221

February 26, 2023 by

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.

CVE-2019-17112

February 26, 2023 by

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user (“Operator” access level) to access the configuration file of the mail server (except for the password).

CVE-2019-17130

February 26, 2023 by

vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.

CVE-2019-14273

February 26, 2023 by

In SilverStripe assets 4.0, there is broken access control on files.

CVE-2019-13941

February 26, 2023 by

A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.

CVE-2019-13404

February 26, 2023 by

** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor’s position is that it is the user’s responsibility to ensure C:Python27 access control or choose a different directory, because backwards compatibility requires that C:Python27 remain the default for 2.7.x.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 7
  • Go to page 8
  • Go to page 9
  • Go to page 10
  • Go to page 11
  • Interim pages omitted …
  • Go to page 29
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE