29 matches found
Arbitrary File Deletion
github.com/pterodactyl/wingso is vulnerable to Arbitrary File Deletion. A remote authenticated attacker is able to delete files and directories recursively on the host system via the vulnerable Delete function of filesystem.go. This vulnerability can further be exploited to overwrite existing fil...
CVE-2023-25152 Symbolic Link (Symlink) Following in github.com/pterodactyl/wings
Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their...
CVE-2023-25152
Wings (Pterodactyl) contains a privilege/escalation vector in its server control plane: affected Wings Daemon versions allow an attacker with an existing allocated server to create new files/directories on the host, potentially changing resource allocations, promoting containers to privileged mod...
Serious vulnerabilities found in ITarian software, patches available for SaaS products
Dutch research group DIVD has identified multiple vulnerabilities in ITarian products. In cooperation with DIVD, ITarian has made patches available to deal with these vulnerabilities for its SaaS platform. Software as a service SaaS is a software distribution model in which a cloud provider hosts...
CVE-2022-25152
The ITarian platform SAAS / on-premise offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor with a...
CVE-2022-25152
The CVE-2022-25152 entry concerns ITarian’s platform (SaaS and on-premise) where a flaw in the agent-Run code workflow (procedures) allows bypassing the mandatory approval process. Versions before 6.35.37347.20040 are affected; a user with a valid session token can create a procedure, bypass appr...
CVE-2020-25152
CVE-2020-25152 is a session fixation vulnerability in B. Braun SpaceCom administrative interface and the Data module compactplus. Affected: SpaceCom software versions L81/U61 and earlier (outside US) and SpaceCom 2; Data module compactplus versions A10 and A11. Root cause: session fixation that c...
CVE-2021-25152
CVE-2021-25152 describes a remote insecure deserialization vulnerability in Aruba AirWave Management Platform before version 8.2.12.1. The root cause is insecure deserialization; impact is high (confidentiality, integrity, and availability). Aruba released patches addressing the vulnerability in ...
VulnCheck KEV: CVE-2019-25152
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping...