229 matches found
WordPress PluginPass plugin <= 0.9.10 - Arbitrary File Download/Delete vulnerability
Arbitrary File Download/Delete vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin PluginPass versions = 0.9.10...
CVE-2020-13522
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet IRP can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability...
CVE-2024-12646
The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12643
The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12646 Chunghwa Telecom topm-client - Arbitrary File Delete
The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12646 Chunghwa Telecom topm-client - Arbitrary File Delete
The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12646
The CVE-2024-12646 entry concerns Chunghwa Telecom’s topm-client. Affected component: topm-client API surface that lacks CSRF protection, enabling unauthenticated remote attackers to interact with the local web server via phishing. A second issue is an Absolute Path Traversal vulnerability in one...
CVE-2024-12643 Chunghwa Telecom tbm-client - Arbitrary File Delete
The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12643
The CVE-2024-12643 entry concerns Chunghwa Telecom's tbm-client, where an API lacking CSRF protection enables unauthenticated remote use via phishing, and one API contains an Absolute Path Traversal flaw that can delete arbitrary files on a user’s system. Affected versions (per CNNVD) are 0.3.15 ...
CVE-2024-12643 Chunghwa Telecom tbm-client - Arbitrary File Delete
The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-8424
Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows PSANHost.exe module allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00...
CVE-2024-8424 WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM
Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows PSANHost.exe module allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00...
CVE-2024-8424
CVE-2024-8424 affects WatchGuard EPDR, Panda AD360, and Panda Dome on Windows via the PSANHost.exe module. The vulnerability is a local privilege escalation caused by improper privilege management, enabling arbitrary file deletion with SYSTEM permissions. Affected versions: EPDR before 8.00.23.00...
CVE-2024-8424 WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM
Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows PSANHost.exe module allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00...
Arbitrary File Write And Delete
open-webui is vulnerable to Arbitrary File write and delete. The vulnerability is due to unsanitized file.filename concatenation with CACHEDIR, allowing attackers to overwrite and delete system files...
GHSA-54F4-V6V9-9Q82 open-webui allows writing and deleting arbitrary files
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHEDIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote cod...
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
Summary A logged-in user with any role can delete arbitrary files on the filesystem by calling the sync/cleansyncdir endpoint. The dirname POST parameter is not validated/sanitized and is used to construct the syncDir that is deleted by calling fs.rm. Details - file:...
ABB Cylon Aspect 3.08.01 Arbitrary File Deletion
ABB Cylon Aspect 3.08.01 databaseFileDelete.php Arbitrary File Delete Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.08.01 (bigUpload.php) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from a remote code execution...
ABB Cylon Aspect 3.08.01 (databaseFileDelete.php) Arbitrary File Delete
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller suffers from an arbitrary file deletion...