Lucene search
+L

29 matches found

Veracode
Veracode
added 2023/02/12 3:47 p.m.21 views

Arbitrary File Deletion

github.com/pterodactyl/wingso is vulnerable to Arbitrary File Deletion. A remote authenticated attacker is able to delete files and directories recursively on the host system via the vulnerable Delete function of filesystem.go. This vulnerability can further be exploited to overwrite existing fil...

9.6CVSS8AI score0.00956EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/08 6:52 p.m.8 views

CVE-2023-25152 Symbolic Link (Symlink) Following in github.com/pterodactyl/wings

Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their...

8.4CVSS8.8AI score0.00682EPSS
Exploits0References2
CVE
CVE
added 2023/02/08 6:52 p.m.86 views

CVE-2023-25152

Wings (Pterodactyl) contains a privilege/escalation vector in its server control plane: affected Wings Daemon versions allow an attacker with an existing allocated server to create new files/directories on the host, potentially changing resource allocations, promoting containers to privileged mod...

8.8CVSS8.6AI score0.00682EPSS
Exploits0References2Affected Software1
Malwarebytes
Malwarebytes
added 2022/06/13 12:25 p.m.33 views

Serious vulnerabilities found in ITarian software, patches available for SaaS products

Dutch research group DIVD has identified multiple vulnerabilities in ITarian products. In cooperation with DIVD, ITarian has made patches available to deal with these vulnerabilities for its SaaS platform. Software as a service SaaS is a software distribution model in which a cloud provider hosts...

9CVSS8.6AI score0.01656EPSS
Exploits0
OSV
OSV
added 2022/06/09 5:15 p.m.4 views

CVE-2022-25152

The ITarian platform SAAS / on-premise offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor with a...

8.8CVSS6.4AI score0.01656EPSS
Exploits0References2
CVE
CVE
added 2022/06/08 12:0 a.m.101 views

CVE-2022-25152

The CVE-2022-25152 entry concerns ITarian’s platform (SaaS and on-premise) where a flaw in the agent-Run code workflow (procedures) allows bypassing the mandatory approval process. Versions before 6.35.37347.20040 are affected; a user with a valid session token can create a procedure, bypass appr...

9.9CVSS9AI score0.01656EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2022/04/14 8:5 p.m.58 views

CVE-2020-25152

CVE-2020-25152 is a session fixation vulnerability in B. Braun SpaceCom administrative interface and the Data module compactplus. Affected: SpaceCom software versions L81/U61 and earlier (outside US) and SpaceCom 2; Data module compactplus versions A10 and A11. Root cause: session fixation that c...

8.1CVSS7.3AI score0.01231EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/04/28 7:18 p.m.66 views

CVE-2021-25152

CVE-2021-25152 describes a remote insecure deserialization vulnerability in Aruba AirWave Management Platform before version 8.2.12.1. The root cause is insecure deserialization; impact is high (confidentiality, integrity, and availability). Aruba released patches addressing the vulnerability in ...

9CVSS7AI score0.01237EPSS
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2019/03/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-25152

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping...

7.2CVSS6.3AI score0.01353EPSS
Exploits1References1
Rows per page
Query Builder