Lucene search
K

314 matches found

BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.4 views

The vulnerability of the PAN-OS operating system in the centralized network switch management system of Palo Alto Networks Panorama allows a attacker to trigger a service failure.

The vulnerability of the PAN-OS operating system in the Palo Alto Networks Panorama network switch management system is related to the ability to download unlimited files of a malicious nature. Exploiting this vulnerability allows a malicious actor to cause service interruptions by downloading...

6.8CVSS5.4AI score0.00576EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/23 12:0 a.m.7 views

The vulnerability of the SINEMA Remote Connect VPN service lies in its ability to download files of a dangerous type without restrictions, allowing a hacker to execute arbitrary code.

The vulnerability of the SINEMA Remote Connect VPN service lies in the ability to download files of a dangerous type without restrictions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created file...

9CVSS7.7AI score0.00447EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.4 views

PT-2024-26501 · Zkteco · Zkbio Cvsecurity

Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio CVSecurity version 6.1.1 Description: The issue allows an unauthenticated user to perform a Directory Traversal attack via the photoBase64 parameter, enabling them to download local files from the server. Recommendations: For...

7.5CVSS6.5AI score0.01EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/05/15 12:0 a.m.5 views

The vulnerability of the CMS system Netcat, related to the lack of restrictions on file downloads, allows attackers to execute arbitrary code or cause service interruptions.

The vulnerability of the CMS system Netcat is related to the lack of restrictions on file downloads. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures...

9.4CVSS6AI score
Exploits0Affected Software1
CVE
CVE
added 2024/04/15 2:5 p.m.61 views

CVE-2024-3783

WBSAirback 21.02.04 Backup Agents contains a path traversal vulnerability that a low-privilege user can exploit to download files from the system. Affected component: path handling in WBSAirback; impact is confidentiality breach. No remediation details are provided in the supplied documents.

7.7CVSS6.7AI score0.00532EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2024/04/02 4:2 p.m.62 views

Moderate: Red Hat Security Advisory: curl security and bug fix update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

6.5CVSS7AI score0.06208EPSS
Exploits2References5
VulnCheck KEV
VulnCheck KEV
added 2024/03/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-27954

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery and Arbitrary File Downloads in all versions up to, and including, 3.92.0. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...

9.3CVSS7.4AI score0.72953EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.4 views

OpenText PVCS Version Manager 安全漏洞

OpenText PVCS Version Manager is a version control software from OpenText, Inc. A security vulnerability exists in OpenText PVCS Version Manager that stems from the presence of weak access control that could bypass authentication for file downloads...

9.8CVSS6.9AI score0.00697EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.8 views

PT-2024-15083 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to, and including, 3.2.84 Description: The issue allows unauthorized file download of files added via the plugin, making it possible for unauthenticated attackers to download files, even those...

5.3CVSS9.6AI score0.00546EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.4 views

WordPress Plugin Download Manager Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.3CVSS6.6AI score0.00546EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.5 views

Bentley Assetwise ALIM Web Security Vulnerability

Bentley AssetWise ALIM Web is a Bentley web-based application for managing asset and infrastructure lifecycles. A security vulnerability exists in Bentley Assetwise ALIM Web versions prior to 23.00.02.03 and Assetwise Information Integrity Server versions prior to 23.00.04.04, which stems from th...

9.1CVSS6.7AI score0.00645EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/25 12:0 a.m.4 views

PT-2024-21908 · Bentley · Assetwise Information Integrity Server +1

Name of the Vulnerable Software and Affected Versions: Assetwise ALIM Web versions prior to 23.00.04.04 Assetwise Information Integrity Server versions prior to 23.00.02.03 Description: The issue arises in the Bentley ALIM Web application when certain configuration settings cause exposure of a...

9.1CVSS7.2AI score0.00645EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2024/01/11 2:15 p.m.1 views

CVE-2023-51750

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

4.6CVSS5.8AI score0.00286EPSS
Exploits0References4
NVD
NVD
added 2024/01/11 2:15 p.m.20 views

CVE-2023-51750

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

4.6CVSS4.8AI score0.00286EPSS
Exploits0References3
Prion
Prion
added 2024/01/11 2:15 p.m.18 views

Design/Logic Flaw

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

2.1CVSS7.1AI score0.00286EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.4 views

PT-2024-14284 · Unknown · Scalefusion

Name of the Vulnerable Software and Affected Versions: ScaleFusion version 10.5.2 Description: The issue arises because ScaleFusion does not properly limit users to the Edge application, allowing file downloads to occur. The vendor notes that the default Windows device profile configuration, whic...

4.6CVSS7.2AI score0.00286EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/01/11 12:0 a.m.32 views

CVE-2023-51750

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

5.1AI score0.00286EPSS
Exploits0References3
CVE
CVE
added 2024/01/11 12:0 a.m.40 views

CVE-2023-51750

ScaleFusion 10.5.2 is affected by a vulnerability where the kiosk mode does not properly restrict users to the Edge application, allowing file downloads to occur. Public descriptions consistently report the issue and note the vendor’s stance that the product is not vulnerable if the default Windo...

4.6CVSS4.7AI score0.00286EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/11 12:0 a.m.8 views

CVE-2023-51750

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

6.8AI score0.00286EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/12/13 1:35 p.m.42 views

Unauthenticated db-file-storage views

Impact In Nautobot 1.x and 2.0.x, the URLs /files/get/?name=... and /files/download/?name=... are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job...

5.3CVSS7.3AI score0.00748EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder