Lucene search
K

229 matches found

nvd
nvd
added 2023/03/09 9:15 p.m.49 views

CVE-2023-26957

onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...

9.1CVSS9.3AI score0.00606EPSS
Exploits1References1
cve
cve
added 2023/03/09 12:0 a.m.54 views

CVE-2023-26957

CVE-2023-26957 affects onekeyadmin v1.3.9. The vulnerability exists in the component admin\controller\plugins and allows an arbitrary file deletion . The CVSS data indicates a network-based, unauthenticated, high-severity impact with integrity and availability both affected. No explicit remediati...

9.1CVSS9.2AI score0.00606EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2023/03/09 12:0 a.m.7 views

CVE-2023-26957

onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...

7.7AI score0.00606EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2023/02/27 12:0 a.m.5 views

PT-2023-14730 · Razer · Razercentral

Name of the Vulnerable Software and Affected Versions: Razer Central versions prior to 7.8.0.381 Description: The issue is related to an Arbitrary File Delete vulnerability when handling files in the Accounts directory. Recommendations: For versions prior to 7.8.0.381, update to version 7.8.0.381...

7.8CVSS7.4AI score0.00266EPSS
Exploits0References4
cvelist
cvelist
added 2023/02/27 12:0 a.m.24 views

CVE-2022-45697

Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory...

7.8AI score0.00266EPSS
Exploits0References1
cve
cve
added 2023/02/27 12:0 a.m.44 views

CVE-2022-45697

CVE-2022-45697 affects Razer Central prior to v7.8.0.381, with an Arbitrary File Delete vulnerability when handling files in the Accounts directory. Impact details from the associated records indicate a local-only exposure with high impact on confidentiality, integrity, and availability (CVSS v3....

7.8CVSS7.5AI score0.00266EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2023/02/10 1:15 p.m.27 views

CVE-2023-23698

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete...

7.1CVSS6.1AI score0.00176EPSS
Exploits0References1
prion
prion
added 2023/02/10 1:15 p.m.15 views

Design/Logic Flaw

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete...

3.2CVSS6.9AI score0.00176EPSS
Exploits0References1Affected Software2
cve
cve
added 2023/02/10 12:20 p.m.52 views

CVE-2023-23698

Dell Command | Update, Dell Update, and Alienware Update prior to 4.6.0 and 4.7.1 are affected. The installer component performs an insecure operation on Windows Junction, allowing a local attacker to delete arbitrary files without user interaction. Impact: high for availability/integrity; exploi...

7.1CVSS6.9AI score0.00176EPSS
Exploits0References1Affected Software2
cvelist
cvelist
added 2023/02/10 12:20 p.m.23 views

CVE-2023-23698

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete...

5.5CVSS7.1AI score0.00176EPSS
Exploits0References1
cvelist
cvelist
added 2022/09/30 11:53 p.m.19 views

CVE-2022-42002

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...

9.6AI score0.01066EPSS
Exploits1References2
cve
cve
added 2022/09/30 11:53 p.m.222 views

CVE-2022-42002

CVE-2022-42002 affects SonicJS up to version 0.6.0. The vulnerability stems from unauthenticated access to the file mutation mutations, specifically fileCreate and fileUpdate , which can overwrite arbitrary files on a SonicJS application. This leads to Arbitrary File Write and Delete . Connection...

9.1CVSS9.3AI score0.01066EPSS
Exploits1References2Affected Software1
github
github
added 2022/06/25 12:0 a.m.21 views

Path traversal in Concrete CMS

Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changin...

9.1CVSS8.7AI score0.02021EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2022/06/24 3:15 p.m.1 views

CVE-2022-30117

Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changin...

9.1CVSS7.3AI score0.02021EPSS
Exploits0References4
nvd
nvd
added 2022/06/24 3:15 p.m.22 views

CVE-2022-30117

Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changin...

9.1CVSS0.02021EPSS
Exploits0References3
prion
prion
added 2022/06/24 3:15 p.m.18 views

Design/Logic Flaw

Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changin...

6.4CVSS9.1AI score0.02021EPSS
Exploits0References3Affected Software1
cve
cve
added 2022/06/24 2:59 p.m.109 views

CVE-2022-30117

Concrete CMS versions affected: 8.5.7 and below, and 9.0–9.0.2. The issue is a path traversal in /index.php/ccm/system/file/upload that could enable Arbitrary File Deletion. Root cause: inadequate input validation allowing traversal, enabling access to arbitrary files. Remediation implemented: sa...

9.1CVSS9.2AI score0.02021EPSS
Exploits0References3Affected Software1
osv
osv
added 2022/05/17 4:12 a.m.14 views

GHSA-WCJ4-FF9M-5R7G ImpressCMS Path Traversal to Arbitrary File Delete

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...

6.4CVSS6.5AI score0.03711EPSS
Exploits3References6
github
github
added 2022/05/17 4:12 a.m.21 views

ImpressCMS Path Traversal to Arbitrary File Delete

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...

6.4CVSS6.9AI score0.03711EPSS
Exploits3References7Affected Software1
osv
osv
added 2022/05/13 1:41 a.m.13 views

GHSA-X73X-7GMX-W835 Arbitrary file delete in baserCMS

baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form...

7.5CVSS7.5AI score0.01418EPSS
Exploits0References3
Rows per page
Query Builder