2037 matches found
Ivanti EPM Security Vulnerability
Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an absolute path traversal vulnerability that can be exploited by an attacker to obtain sensitive information...
Ivanti EPM Security Vulnerability
Ivanti EPM is a one-stop-shop for managing user profiles and all client devices from Ivanti, USA. A security vulnerability exists in Ivanti EPM that stems from the inclusion of an absolute path traversal. Allowing a remote unauthenticated attacker to exploit the vulnerability could reveal sensiti...
Ivanti EPM Security Vulnerability
Ivanti EPM is a one-stop-shop for managing user profiles and all client devices from Ivanti, USA. A security vulnerability exists in Ivanti EPM that stems from the inclusion of an absolute path traversal. Allowing a remote unauthenticated attacker to exploit the vulnerability could reveal sensiti...
Ivanti EPM Security Vulnerability
Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an absolute path traversal vulnerability that can be exploited by an attacker to obtain sensitive information...
PT-2025-1134
Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions before 2024 January-2025 Security Update; Ivanti EPM versions before 2022 SU6 January-2025 Security Update. Description: The issue is related to an absolute path traversal in Ivanti EPM, which can be exploited by a remote...
CVE-2024-12806
A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file...
CVE-2024-11635
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfuABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server...
WordPress plugin WordPress File Upload Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
CVE-2024-12425
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font...
CVE-2024-12643
The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12644
The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through...
CVE-2024-12646
The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12646
The CVE-2024-12646 entry concerns Chunghwa Telecom’s topm-client. Affected component: topm-client API surface that lacks CSRF protection, enabling unauthenticated remote attackers to interact with the local web server via phishing. A second issue is an Absolute Path Traversal vulnerability in one...
CVE-2024-12644 Chunghwa Telecom tbm-client - Arbitrary File Copy and Paste
The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through...
CVE-2024-12644
The CVE-2024-12644 entry concerns Chunghwa Telecom’s tbm-client. Affected component: tbm-client; vulnerability: Arbitrary File Copy and Absolute Path Traversal via API endpoints exposed by a local web server. Root cause: lack of CSRF protection enabling unauthenticated remote exploitation through...
CVE-2024-12644 Chunghwa Telecom tbm-client - Arbitrary File Copy and Paste
The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through...
CVE-2024-12643 Chunghwa Telecom tbm-client - Arbitrary File Delete
The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12643
The CVE-2024-12643 entry concerns Chunghwa Telecom's tbm-client, where an API lacking CSRF protection enables unauthenticated remote use via phishing, and one API contains an Absolute Path Traversal flaw that can delete arbitrary files on a user’s system. Affected versions (per CNNVD) are 0.3.15 ...
Chunghwa Telecom tbm-client Security Vulnerability
Chunghwa Telecom tbm-client is an application from Chunghwa Telecom China. A security vulnerability exists in Chunghwa Telecom tbm-client versions 0.3.15 through 0.3.20, which stems from the presence of arbitrary file deletion and lack of CSRF protection, as well as an absolute path traversal...
PT-2024-10222 · Document Foundation +5 · Libreoffice +5
Name of the Vulnerable Software and Affected Versions: LibreOffice versions 24.8 through 24.8.3 Description: The issue is related to an improper limitation of a pathname to a restricted directory, allowing absolute path traversal. An attacker can write to arbitrary locations, albeit suffixed with...