314 matches found
The vulnerability of the PAN-OS operating system in the centralized network switch management system of Palo Alto Networks Panorama allows a attacker to trigger a service failure.
The vulnerability of the PAN-OS operating system in the Palo Alto Networks Panorama network switch management system is related to the ability to download unlimited files of a malicious nature. Exploiting this vulnerability allows a malicious actor to cause service interruptions by downloading...
The vulnerability of the SINEMA Remote Connect VPN service lies in its ability to download files of a dangerous type without restrictions, allowing a hacker to execute arbitrary code.
The vulnerability of the SINEMA Remote Connect VPN service lies in the ability to download files of a dangerous type without restrictions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created file...
PT-2024-26501 · Zkteco · Zkbio Cvsecurity
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio CVSecurity version 6.1.1 Description: The issue allows an unauthenticated user to perform a Directory Traversal attack via the photoBase64 parameter, enabling them to download local files from the server. Recommendations: For...
The vulnerability of the CMS system Netcat, related to the lack of restrictions on file downloads, allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of the CMS system Netcat is related to the lack of restrictions on file downloads. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures...
CVE-2024-3783
WBSAirback 21.02.04 Backup Agents contains a path traversal vulnerability that a low-privilege user can exploit to download files from the system. Affected component: path handling in WBSAirback; impact is confidentiality breach. No remediation details are provided in the supplied documents.
Moderate: Red Hat Security Advisory: curl security and bug fix update
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
VulnCheck KEV: CVE-2024-27954
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery and Arbitrary File Downloads in all versions up to, and including, 3.92.0. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...
OpenText PVCS Version Manager 安全漏洞
OpenText PVCS Version Manager is a version control software from OpenText, Inc. A security vulnerability exists in OpenText PVCS Version Manager that stems from the presence of weak access control that could bypass authentication for file downloads...
PT-2024-15083 · WordPress · Download Manager
Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to, and including, 3.2.84 Description: The issue allows unauthorized file download of files added via the plugin, making it possible for unauthenticated attackers to download files, even those...
WordPress Plugin Download Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Bentley Assetwise ALIM Web Security Vulnerability
Bentley AssetWise ALIM Web is a Bentley web-based application for managing asset and infrastructure lifecycles. A security vulnerability exists in Bentley Assetwise ALIM Web versions prior to 23.00.02.03 and Assetwise Information Integrity Server versions prior to 23.00.04.04, which stems from th...
PT-2024-21908 · Bentley · Assetwise Information Integrity Server +1
Name of the Vulnerable Software and Affected Versions: Assetwise ALIM Web versions prior to 23.00.04.04 Assetwise Information Integrity Server versions prior to 23.00.02.03 Description: The issue arises in the Bentley ALIM Web application when certain configuration settings cause exposure of a...
CVE-2023-51750
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
CVE-2023-51750
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
Design/Logic Flaw
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
PT-2024-14284 · Unknown · Scalefusion
Name of the Vulnerable Software and Affected Versions: ScaleFusion version 10.5.2 Description: The issue arises because ScaleFusion does not properly limit users to the Edge application, allowing file downloads to occur. The vendor notes that the default Windows device profile configuration, whic...
CVE-2023-51750
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
CVE-2023-51750
ScaleFusion 10.5.2 is affected by a vulnerability where the kiosk mode does not properly restrict users to the Edge application, allowing file downloads to occur. Public descriptions consistently report the issue and note the vendor’s stance that the product is not vulnerable if the default Windo...
CVE-2023-51750
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
Unauthenticated db-file-storage views
Impact In Nautobot 1.x and 2.0.x, the URLs /files/get/?name=... and /files/download/?name=... are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job...