933 matches found
CVE-2024-52770
An arbitrary file upload vulnerability in the component /admin/filemanagecontrol of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-52771
CVE-2024-52771 : DedeBIZ v6.3.0 is affected by an arbitrary file deletion vulnerability in the /admin/file_manage_view component. The issue, assigned a CVSS v3.1 base score of 9.1 (CRITICAL; Network attack vector; no user interaction; I/H/A : integrity/high, availability/high, confidentiality non...
PT-2024-35432
Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.3.0 Description: The issue is related to an arbitrary file deletion vulnerability. It can be exploited via the /admin/file manage view component. Recommendations: For DedeBIZ version 6.3.0, consider restricting access to the...
CVE-2024-20476
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...
CVE-2024-20476 Cisco Identity Services Engine Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improperly managed proc file, which could lead to a resource leak...
File Management System 1.0 Insecure Direct Object Reference
Title: File Management System 1.0 IDOR Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits...
File Management System 1.0 Cross Site Request Forgery
Title: File Management System 1.0 CSRF Add Admin Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0...
File Management System 1.0 Arbitrary File Upload
Title: File Management System 1.0 Arbitrary File upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefo...
PT-2024-26521 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.114 Description: The issue is related to an arbitrary file upload vulnerability in the /dede/file manage control.php file. This vulnerability allows attackers to execute arbitrary code by uploading a crafted file...
OESA-2024-1632 nautilus security update
It's easier to manage your files for the GNOME desktop. Ability to browse directories on local and remote systems, preview folders and launch related programs. It also handles icons on the GNOME desktop. Security Fixes: GNOME Nautilus 42.2 allows a NULL pointer dereference and getbasename...
Unrestricted File Upload
drupal/core is vulnerable to Unrestricted File Upload. The vulnerability is caused by the failure to properly sanitize filenames within the filesaveupload function. This allows an attacker to potentially upload malicious system files, such as .htaccess...
CVE-2024-25523
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the fileid parameter at /filemanage/filememo.aspx...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the fileid parameter of the /filemanage/filememo.aspx file against external SQL input. An attacker can exploit this vulnerability t...
CVE-2024-33749
Summary of CVE-2024-33749 : DedeCMS v5.7.114 is vulnerable to deletion of any file via the mail_file_manage.php script. The vulnerability enables unauthorized file deletion, with CVSSv3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (base score 9.1, CRITICAL) indicating high impact on integrity and availa...
pgAdmin Session Deserialization RCE
pgAdmin versions use exploit/multi/http/pgadminsessiondeserialization msf exploit...
pgAdmin 8.3 Remote Code Execution Exploit
pgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to execute code within the context of the target...
ROS-20240411-08
The Jenkins Automation Server vulnerability involves the creation of temporary files with insecure permissions. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify, or delete files. A vulnerability in the args4j library of the Jenkins Git server...
Fedora: Security Advisory for maven-file-management (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: maven-file-management-3.1.0-6.fc40
Provides a component for plugins to easily resolve project dependencies...