Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of prope...

CVE-2023-4616 thumbnail Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validati...

CVE-2023-4616 thumbnail Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validati...

CVE-2023-4614

LG LED Assistant is affected by CVE-2023-4614 due to a path traversal flaw in the /api/installation/setThumbnailRc endpoint, caused by insufficient validation of a user-supplied path. This unauthenticated vulnerability can be leveraged to access files in the current user context; some sources des...

CVE-2023-4613

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...

CVE-2023-4613 Upload Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...

CVE-2023-4613

LG LED Assistant is affected by CVE-2023-4613, a path traversal vulnerability in the /api/settings/upload endpoint. The flaw stems from inadequate validation of a user-supplied path used in file operations, enabling remote attackers to execute arbitrary code in the current user context. Public de...

CVE-2023-4613 Upload Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...

PT-2023-29862 · Lg · Lg Led Assistant

Name of the Vulnerable Software and Affected Versions: LG LED Assistant affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this issue. The specific flaw...

PT-2023-29877 · Lg · Lg Led Assistant

Name of the Vulnerable Software and Affected Versions: LG LED Assistant affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists withi...

PT-2023-29885 · Lg · Lg Led Assistant

Name of the Vulnerable Software and Affected Versions: LG LED Assistant affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists withi...

NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...

LG LED Assistant setThumbnailRc Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of prope...

LG LED Assistant upload Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...

(0Day) LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cp command implemented in the makeDetailContent method. The issue results from the...

(0Day) LG Simple Editor FileManagerController getImageByFilename Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

(0Day) LG Simple Editor copyStickerContent Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyStickerContent command. The issue results from th...

(0Day) LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyTemplateAll method. The issue results from the lack of proper validatio...

(0Day) LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the putCanvasDB method. The issue results from the lack of proper validation of a...

(0Day) LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...