Lucene search

K

Frontend File Manager & Sharing – User Private Files Security Vulnerabilities

nvd
nvd

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

0.001EPSS

2024-06-14 04:15 AM
3
nvd
nvd

CVE-2024-31160

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting...

4.8CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
cve
cve

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

7.3AI Score

0.001EPSS

2024-06-14 04:15 AM
9
cve
cve

CVE-2024-31160

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting...

4.8CVSS

5.1AI Score

0.0004EPSS

2024-06-14 04:15 AM
9
cve
cve

CVE-2024-31159

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting...

4.8CVSS

5.2AI Score

0.0004EPSS

2024-06-14 04:15 AM
9
nvd
nvd

CVE-2024-31159

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting...

4.8CVSS

0.0004EPSS

2024-06-14 04:15 AM
3
cve
cve

CVE-2024-27178

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than...

7.2CVSS

7.9AI Score

0.0004EPSS

2024-06-14 04:15 AM
10
nvd
nvd

CVE-2024-27177

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower...

7.2CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
nvd
nvd

CVE-2024-27178

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than...

7.2CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
cve
cve

CVE-2024-27177

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower...

7.2CVSS

7.8AI Score

0.0004EPSS

2024-06-14 04:15 AM
10
cve
cve

CVE-2024-27176

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than.....

7.2CVSS

7.9AI Score

0.0004EPSS

2024-06-14 04:15 AM
10
nvd
nvd

CVE-2024-27176

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than.....

7.2CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
nvd
nvd

CVE-2024-27175

Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference...

4.4CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
cve
cve

CVE-2024-27175

Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference...

4.4CVSS

7AI Score

0.0004EPSS

2024-06-14 04:15 AM
10
nvd
nvd

CVE-2024-27173

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is...

9.8CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
cve
cve

CVE-2024-27173

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is...

9.8CVSS

8AI Score

0.0004EPSS

2024-06-14 04:15 AM
10
nvd
nvd

CVE-2024-27170

It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference...

7.4CVSS

0.0004EPSS

2024-06-14 04:15 AM
5
cve
cve

CVE-2024-27171

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference...

7.4CVSS

7.7AI Score

0.0004EPSS

2024-06-14 04:15 AM
11
nvd
nvd

CVE-2024-27171

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference...

7.4CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
cve
cve

CVE-2024-27170

It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference...

7.4CVSS

7.4AI Score

0.0004EPSS

2024-06-14 04:15 AM
10
nvd
nvd

CVE-2024-27167

Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference...

7.4CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
nvd
nvd

CVE-2024-27168

It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference...

7.1CVSS

0.0004EPSS

2024-06-14 04:15 AM
3
cve
cve

CVE-2024-27167

Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference...

7.4CVSS

7.3AI Score

0.0004EPSS

2024-06-14 04:15 AM
9
cve
cve

CVE-2024-27168

It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference...

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-14 04:15 AM
15
nvd
nvd

CVE-2024-27163

Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the...

6.5CVSS

0.0004EPSS

2024-06-14 04:15 AM
4
cve
cve

CVE-2024-27163

Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 04:15 AM
13
nvd
nvd

CVE-2024-27160

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for...

6.2CVSS

0.0004EPSS

2024-06-14 04:15 AM
3
nvd
nvd

CVE-2024-27162

Toshiba printers provide a web interface that will load the JavaScript file. The file contains insecure codes vulnerable to XSS and is loaded inside all the webpages provided by the printer. An attacker can steal the cookie of an admin user. As for the affected products/models/versions, see the...

6.1CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
cve
cve

CVE-2024-27160

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for...

6.2CVSS

6.6AI Score

0.0004EPSS

2024-06-14 04:15 AM
10
cve
cve

CVE-2024-27162

Toshiba printers provide a web interface that will load the JavaScript file. The file contains insecure codes vulnerable to XSS and is loaded inside all the webpages provided by the printer. An attacker can steal the cookie of an admin user. As for the affected products/models/versions, see the...

6.1CVSS

6AI Score

0.0004EPSS

2024-06-14 04:15 AM
11
nvd
nvd

CVE-2024-27161

all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult...

6.2CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
cve
cve

CVE-2024-27161

all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult...

6.2CVSS

6.5AI Score

0.0004EPSS

2024-06-14 04:15 AM
10
cve
cve

CVE-2024-27159

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for...

6.2CVSS

6.6AI Score

0.0004EPSS

2024-06-14 04:15 AM
9
nvd
nvd

CVE-2024-27159

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for...

6.2CVSS

0.0004EPSS

2024-06-14 04:15 AM
1
cvelist
cvelist

CVE-2024-27179 Session disclosure inside the log files

Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference...

4.7CVSS

0.0004EPSS

2024-06-14 04:09 AM
1
vulnrichment
vulnrichment

CVE-2024-27179 Session disclosure inside the log files

Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference...

4.7CVSS

7.3AI Score

0.0004EPSS

2024-06-14 04:09 AM
cvelist
cvelist

CVE-2024-27178 Remote Code Execution

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than...

7.2CVSS

0.0004EPSS

2024-06-14 04:08 AM
1
vulnrichment
vulnrichment

CVE-2024-27178 Remote Code Execution

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than...

7.2CVSS

7.9AI Score

0.0004EPSS

2024-06-14 04:08 AM
githubexploit
githubexploit

Exploit for Path Traversal in Solarwinds Serv-U

CVE-2024-28995 (PoC) SolarWinds Serv-U was susceptible to a...

8.6CVSS

6.8AI Score

0.001EPSS

2024-06-14 04:06 AM
71
cvelist
cvelist

CVE-2024-27177 Remote Code Execution

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower...

7.2CVSS

0.0004EPSS

2024-06-14 04:06 AM
1
cvelist
cvelist

CVE-2024-27176 Remote Code Execution

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than.....

7.2CVSS

0.0004EPSS

2024-06-14 04:05 AM
1
cvelist
cvelist

CVE-2024-27175 Local File Inclusion

Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference...

4.4CVSS

0.0004EPSS

2024-06-14 04:04 AM
cvelist
cvelist

CVE-2024-27173 insecure upload

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is...

9.8CVSS

0.0004EPSS

2024-06-14 04:01 AM
1
cvelist
cvelist

CVE-2024-27171 Insecure permissions

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference...

7.4CVSS

0.0004EPSS

2024-06-14 03:59 AM
1
vulnrichment
vulnrichment

CVE-2024-27171 Insecure permissions

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference...

7.4CVSS

7.5AI Score

0.0004EPSS

2024-06-14 03:59 AM
1
vulnrichment
vulnrichment

CVE-2024-27170 Hardcoded credentials for WebDAV access

It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference...

7.4CVSS

6.8AI Score

0.0004EPSS

2024-06-14 03:56 AM
cvelist
cvelist

CVE-2024-27170 Hardcoded credentials for WebDAV access

It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference...

7.4CVSS

0.0004EPSS

2024-06-14 03:56 AM
cvelist
cvelist

CVE-2024-27168 Hardcoded keys used to generate authentication cookies

It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference...

7.1CVSS

0.0004EPSS

2024-06-14 03:53 AM
1
vulnrichment
vulnrichment

CVE-2024-27168 Hardcoded keys used to generate authentication cookies

It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference...

7.1CVSS

7.3AI Score

0.0004EPSS

2024-06-14 03:53 AM
1
cvelist
cvelist

CVE-2024-31161 ASUS Download Master - Arbitrary File Upload

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

0.001EPSS

2024-06-14 03:53 AM
Total number of security vulnerabilities1031810