
1649 matches found

NVD
added 2024/09/24 3:15 a.m., 27 views

CVE-2024-8671

The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to overwrite arbitrary...

9.1 CVSS, 0.01008 EPSS
Exploits: 0, References: 2
CVE
added 2024/09/24 3:6 a.m., 56 views

CVE-2024-8671

The CVE-2024-8671 entry concerns WordPress plugin WooEvents – Calendar and Event Booking. Affected versions (up to 4.1.2) are vulnerable to arbitrary file overwrite due to insufficient file path validation in inc/barcode.php, enabling unauthenticated attackers to overwrite server files and potent...

9.1 CVSS, 9.6 AI score, 0.01008 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2024/09/24 3:6 a.m., 25 views

CVE-2024-8671 WooEvents <= 4.1.2 - Unauthenticated Arbitrary File Overwrite

The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to overwrite arbitrary...

9.1 CVSS, 0.01008 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2024/09/24 3:6 a.m., 13 views

CVE-2024-8671 WooEvents <= 4.1.2 - Unauthenticated Arbitrary File Overwrite

The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to overwrite arbitrary...

9.1 CVSS, 8 AI score, 0.01008 EPSS
Exploits: 0, References: 2
Patchstack
added 2024/09/24 1:4 a.m., 5 views

WordPress WooEvents plugin <= 4.1.2 - Unauthenticated Arbitrary File Overwrite vulnerability

Unauthenticated Arbitrary File Overwrite vulnerability discovered by Tonn in WordPress Plugin WooEvents versions <= 4.1.2...

9.1 CVSS, 7 AI score, 0.01008 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2024/09/19 7:15 p.m., 3 views

CVE-2024-33109

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function...

9.8 CVSS, 5.9 AI score, 0.00879 EPSS
Exploits: 0, References: 2
OSV
added 2024/09/17 12:15 a.m., 2 views

CVE-2024-44167

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files...

5.5 CVSS, 5.8 AI score, 0.00631 EPSS
Exploits: 0, References: 10
CNNVD
added 2024/09/17 12:0 a.m., 2 views

Apple macOS security vulnerability

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS version 13.7, which originates from an application that may be able to overwrite arbitrary files...

8.1 CVSS, 6.3 AI score, 0.00631 EPSS
Exploits: 0, References: 6
CNNVD
added 2024/09/05 12:0 a.m., 4 views

Stripe CLI security vulnerability

Stripe CLI is a command line tool for the Stripe e-commerce platform from Stripe Ireland. A security vulnerability exists in Stripe CLI version 1.11.1 and later versions, which stems from the inclusion of plug-in packages with formatting errors that can overwrite arbitrary files...

7.5 CVSS, 6.8 AI score, 0.00195 EPSS
Exploits: 0, References: 2
F5 Networks
added 2024/08/22 6:3 p.m., 23 views

K000140630: NGINX Agent vulnerability CVE-2024-7634

Security Advisory Description NGINX Agent's configdirs restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory. CVE-2024-7634 Impact Under the default configuration, a user can overwrite arbitrary files on any...

6.9 CVSS, 5.4 AI score, 0.00471 EPSS
Exploits: 0, Affected Software: 2
Positive Technologies
added 2024/07/29 12:0 a.m., 2 views

PT-2024-29083 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.7.6 macOS versions prior to 13.6.8 macOS versions prior to 14.6 Description: The issue was addressed with improved checks. An app may be able to overwrite arbitrary files. Recommendations: For macOS versions prior t...

5.5 CVSS, 6.2 AI score, 0.00264 EPSS
Exploits: 0, References: 13
Veracode
added 2024/07/12 6:46 a.m., 13 views

Arbitrary File Overwrite

aim is vulnerable to Arbitrary File Overwrite. The vulnerability is due to improper handling of the runhash and repo.path parameters in the backuprun-function, allowing any file on the host server to be overwritten and arbitrary data to be exfiltrated...

9.8 CVSS, 6.9 AI score, 0.53394 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2024/07/12 12:0 a.m., 21 views

CVE-2024-6396 Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim

A vulnerability in the backuprun function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the runhash and repo.path parameters, which can be manipulated to create an...

9.8 CVSS, 0.53394 EPSS
Exploits: 1, References: 1
GithubExploit
added 2024/07/03 7:26 a.m., 791 views

Exploit for CVE-2024-37726

CVE-2024-37726 MSI Center Local Privilege Escalation - Arbitra...

6.8 CVSS, 6.9 AI score, 0.0086 EPSS
Exploits: 1
NVD
added 2024/06/13 12:15 p.m., 29 views

CVE-2024-34129

Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to access files and directories...

7.5 CVSS, 0.00283 EPSS
Exploits: 0, References: 1
NVD
added 2024/06/10 10:15 p.m., 19 views

CVE-2024-36473

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges...

5.3 CVSS, 0.00211 EPSS
Exploits: 0, References: 2
Cvelist
added 2024/06/10 9:22 p.m., 14 views

CVE-2024-36473

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges...

5.3 CVSS, 0.00211 EPSS
Exploits: 0, References: 2
CVE
added 2024/06/10 9:22 p.m., 59 views

CVE-2024-36473

Affected software/versions: Trend Micro VPN Proxy One Pro, 5.8.1012 and below. What is vulnerable: an arbitrary file overwrite or create attack, leading to a local DoS and, under specific conditions, privilege elevation. Root cause / vector (as described): impact stems from the Vpn Background Con...

5.3 CVSS, 6.9 AI score, 0.00211 EPSS
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2024/06/10 12:0 a.m., 3 views

PT-2024-4340 · Trend Micro · Trend Micro Vpn Proxy One Pro

Name of the Vulnerable Software and Affected Versions: Trend Micro VPN Proxy One Pro versions 5.8.1012 and below Description: The issue is related to an arbitrary file overwrite or create attack, which can lead to a local Denial of Service (DoS) and, under specific conditions, elevation of...

5.3 CVSS, 5.3 AI score, 0.00211 EPSS
Exploits: 0, References: 7
SUSE CVE
added 2024/06/08 3:5 a.m., 2 views

SUSE CVE-2024-5187

A vulnerability in the downloadmodelwithtestdata function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

8.8 CVSS, 7.7 AI score, 0.01168 EPSS
Exploits: 1, References: 3