
2495 matches found

CVE
added 2023/12/01 12:0 a.m. · 35 views

CVE-2023-45253

CVE-2023-45253 affects Huddly HuddlyCameraService prior to version 8.0.7 (excluding 7.99). The Red Hat entries describe a related DLL Hijacking weakness in the same product line, with write-privilege directory installation enabling file manipulation and potential privilege escalation. For CVE-202...

CVSS 7.8 · AI score 7.7 · EPSS 0.00257
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2023/12/01 12:0 a.m. · 22 views

CVE-2023-45253

An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library...

AI score 8 · EPSS 0.00316
Exploits 2 · References 1
Positive Technologies
added 2023/12/01 12:0 a.m. · 4 views

PT-2023-29470 · Huddly · Huddlycameraservice

Name of the Vulnerable Software and Affected Versions: Huddly HuddlyCameraService versions prior to 8.0.7, excluding version 7.99 Description: The issue allows attackers to manipulate files, execute arbitrary code, and escalate privileges due to the installation of the service in a directory that...

CVSS 7.8 · AI score 7.8 · EPSS 0.00316
Exploits 2 · References 9
CNNVD
added 2023/12/01 12:0 a.m. · 3 views

Huddly Camera Service Security Vulnerability

Huddly Camera Service is a connected camera technology from Huddly, Inc. in the United States. A security vulnerability exists in Huddly Camera Service versions prior to 8.0.7 excluding version 7.99 that originates from a vulnerability that allows an attacker to manipulate files and elevate...

CVSS 7.8 · AI score 6.8 · EPSS 0.00316
Exploits 2 · References 1
Vulnrichment
added 2023/12/01 12:0 a.m. · 6 views

CVE-2023-45253

An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library...

AI score 7.2 · EPSS 0.00316
Exploits 2 · References 1
NVD
added 2023/11/30 6:15 p.m. · 15 views

CVE-2023-6354

Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter...

CVSS 9.4 · EPSS 0.00991
Exploits 0 · References 4
Prion
added 2023/11/30 6:15 p.m. · 16 views

Code injection

Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter...

CVSS 7.5 · AI score 7.3 · EPSS 0.00991
Exploits 0 · References 4
Cvelist
added 2023/11/30 5:53 p.m. · 18 views

CVE-2023-6354 Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass

Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter...

CVSS 5.3 · AI score 9.5 · EPSS 0.00991
Exploits 0 · References 4
CVE
added 2023/11/30 5:53 p.m. · 39 views

CVE-2023-6354

Tyler Technologies Magistrate Court Case Management Plus is affected by CVE-2023-6354. An unauthenticated remote attacker can upload, delete, and view files by manipulating the PDFViewer.aspx?filename parameter, indicating inadequate input handling/authorization on that endpoint. The root cause c...

CVSS 9.4 · AI score 7.2 · EPSS 0.00991
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2023/11/30 5:51 p.m. · 22 views

CVE-2023-6353 Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass

Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter...

CVSS 5.3 · AI score 9.5 · EPSS 0.00991
Exploits 0 · References 4
Veracode
added 2023/11/29 12:30 p.m. · 11 views

Path Traversal

oro/platform is vulnerable to Path Traversal. The vulnerability is due to the getTemporaryFileName function in Oro/Bundle/GaufretteBundle/FileManager.php. An attacker can exploit this method to pass the path to a non-existent file, which will allow writing the content to a new file that will be...

CVSS 9.8 · AI score 6.9 · EPSS 0.00946
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/11/27 11:28 p.m. · 19 views

GHSA-9V3J-4J64-P937 OroPlatform vulnerable to path traversal during temporary file manipulations

Impact Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. The file will be deleted...

CVSS 8.5 · AI score 9.4 · EPSS 0.00946
Exploits 0 · References 3
Cvelist
added 2023/11/27 8:27 p.m. · 22 views

CVE-2022-41951 OroPlatform vulnerable to path traversal during temporary file manipulations

OroPlatform is a PHP Business Application Platform BAP designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...

CVSS 8.5 · AI score 9.8 · EPSS 0.00946
Exploits 0 · References 1
CVE
added 2023/11/24 2:0 p.m. · 65 views

CVE-2023-6274

Byzoro Smart S80 up to 20231108 has a vulnerability in /sysmanage/updatelib.php (PHP File Handler) where the file_upload parameter can be manipulated to achieve unrestricted uploads. The vulnerability is exploitable remotely and the exploit has been publicly disclosed (VDB-246103). Connected advi...

CVSS 9.8 · AI score 8.1 · EPSS 0.02856
Exploits 1 · References 4 · Affected Software 1
AlpineLinux
added 2023/11/24 12:0 a.m. · 24 views

CVE-2023-49298

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but c...

CVSS 7.5 · AI score 7.2 · EPSS 0.01158
Exploits 1
wpexploit
added 2023/11/21 12:0 a.m. · 170 views

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Author+ PHAR Deserialization via CSRF

Description The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. 1. Ensure your WordPress...

CVSS 8.8 · AI score 9.7 · EPSS 0.0055
Exploits 2
Prion
added 2023/11/17 6:15 p.m. · 19 views

Code injection

A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...

CVSS 5.8 · AI score 7.8 · EPSS 0.00972
Exploits 1 · References 4 · Affected Software 1
NVD
added 2023/11/17 2:15 a.m. · 9 views

CVE-2023-48031

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute...

CVSS 9.8 · EPSS 0.0144
Exploits 1 · References 3
NVD
added 2023/11/13 4:15 p.m. · 23 views

CVE-2023-6101

A vulnerability, which was classified as problematic, has been found in Maiwei Safety Production Control Platform 4.1. This issue affects some unknown processing of the file /TC/V2.7/ha.html of the component Intelligent Monitoring. The manipulation leads to information disclosure. The attack may ...

CVSS 7.5 · EPSS 0.00893
Exploits 0 · References 2
Cvelist
added 2023/11/13 3:31 p.m. · 19 views

CVE-2023-6099 Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privileges management

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 lead...

CVSS 7.5 · AI score 9.8 · EPSS 0.00921
Exploits 0 · References 3