Lucene search
K

229 matches found

Patchstack
Patchstack
added 2025/03/14 7:13 a.m.5 views

WordPress PluginPass plugin <= 0.9.10 - Arbitrary File Download/Delete vulnerability

Arbitrary File Download/Delete vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin PluginPass versions = 0.9.10...

8.6CVSS7AI score0.00517EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 1:45 p.m.18 views

CVE-2020-13522

An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet IRP can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability...

8.8CVSS6.8AI score0.00455EPSS
Exploits1
NVD
NVD
added 2024/12/16 7:15 a.m.16 views

CVE-2024-12646

The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...

8.1CVSS0.00307EPSS
Exploits0References2
NVD
NVD
added 2024/12/16 7:15 a.m.15 views

CVE-2024-12643

The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...

8.1CVSS0.00314EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/16 6:54 a.m.9 views

CVE-2024-12646 Chunghwa Telecom topm-client - Arbitrary File Delete

The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...

8.1CVSS7.3AI score0.00307EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/16 6:54 a.m.16 views

CVE-2024-12646 Chunghwa Telecom topm-client - Arbitrary File Delete

The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...

8.1CVSS0.00307EPSS
Exploits0References2
CVE
CVE
added 2024/12/16 6:54 a.m.75 views

CVE-2024-12646

The CVE-2024-12646 entry concerns Chunghwa Telecom’s topm-client. Affected component: topm-client API surface that lacks CSRF protection, enabling unauthenticated remote attackers to interact with the local web server via phishing. A second issue is an Absolute Path Traversal vulnerability in one...

8.1CVSS8.2AI score0.00307EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/16 6:37 a.m.10 views

CVE-2024-12643 Chunghwa Telecom tbm-client - Arbitrary File Delete

The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...

8.1CVSS7.3AI score0.00314EPSS
Exploits0References2
CVE
CVE
added 2024/12/16 6:37 a.m.77 views

CVE-2024-12643

The CVE-2024-12643 entry concerns Chunghwa Telecom's tbm-client, where an API lacking CSRF protection enables unauthenticated remote use via phishing, and one API contains an Absolute Path Traversal flaw that can delete arbitrary files on a user’s system. Affected versions (per CNNVD) are 0.3.15 ...

8.1CVSS8.2AI score0.00314EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/16 6:37 a.m.14 views

CVE-2024-12643 Chunghwa Telecom tbm-client - Arbitrary File Delete

The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...

8.1CVSS0.00314EPSS
Exploits0References2
NVD
NVD
added 2024/11/08 12:15 a.m.15 views

CVE-2024-8424

Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows PSANHost.exe module allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00...

7.8CVSS0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/07 11:27 p.m.22 views

CVE-2024-8424 WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM

Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows PSANHost.exe module allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00...

7.8CVSS0.00188EPSS
Exploits0References1
CVE
CVE
added 2024/11/07 11:27 p.m.69 views

CVE-2024-8424

CVE-2024-8424 affects WatchGuard EPDR, Panda AD360, and Panda Dome on Windows via the PSANHost.exe module. The vulnerability is a local privilege escalation caused by improper privilege management, enabling arbitrary file deletion with SYSTEM permissions. Affected versions: EPDR before 8.00.23.00...

7.8CVSS7.8AI score0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/07 11:27 p.m.9 views

CVE-2024-8424 WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM

Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows PSANHost.exe module allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00...

7.8CVSS7.1AI score0.00188EPSS
Exploits0References1
Veracode
Veracode
added 2024/10/15 6:30 a.m.10 views

Arbitrary File Write And Delete

open-webui is vulnerable to Arbitrary File write and delete. The vulnerability is due to unsanitized file.filename concatenation with CACHEDIR, allowing attackers to overwrite and delete system files...

7.2CVSS6.8AI score0.01032EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/10/09 9:31 p.m.7 views

GHSA-54F4-V6V9-9Q82 open-webui allows writing and deleting arbitrary files

In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHEDIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote cod...

7CVSS7AI score0.01032EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/10/07 3:10 p.m.13 views

Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability

Summary A logged-in user with any role can delete arbitrary files on the filesystem by calling the sync/cleansyncdir endpoint. The dirname POST parameter is not validated/sanitized and is used to construct the syncDir that is deleted by calling fs.rm. Details - file:...

6.5CVSS7.5AI score0.00751EPSS
Exploits0References5Affected Software1
Packet Storm
Packet Storm
added 2024/09/24 12:0 a.m.416 views

ABB Cylon Aspect 3.08.01 Arbitrary File Deletion

ABB Cylon Aspect 3.08.01 databaseFileDelete.php Arbitrary File Delete Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

10CVSS7.1AI score0.17159EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2024/09/23 12:0 a.m.290 views

ABB Cylon Aspect 3.08.01 (bigUpload.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from a remote code execution...

10CVSS8AI score0.1901EPSS
Exploits4
Zero Science Lab
Zero Science Lab
added 2024/09/23 12:0 a.m.369 views

ABB Cylon Aspect 3.08.01 (databaseFileDelete.php) Arbitrary File Delete

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller suffers from an arbitrary file deletion...

10CVSS5.9AI score0.17159EPSS
Exploits3
Rows per page
Query Builder