3164 matches found
GMS File Path Manipulation
An unauthenticated attacker can gain access to the web directory containing the application's binaries and configuration files through a file path manipulation vulnerability. CVE: CVE-2021-20030 Last updated: Oct. 13, 2022, 9:40 a.m...
CVE-2021-20030
SonicWall GMS is vulnerable to file path manipulation, which allows an unauthenticated attacker to gain access to the web directory containing the application's binaries and configuration files...
CVE-2021-20030
CVE-2021-20030 affects SonicWall Global Management System (GMS). The connected sources describe a file path manipulation vulnerability that allows an unauthenticated attacker to access the web directory containing the application's binaries and configuration files. The CVE is documented across mu...
PT-2022-9165 · Sonicwall · Sonicwall Gms
Name of the Vulnerable Software and Affected Versions: SonicWall GMS (affected versions not specified). Description: The issue allows an unauthenticated attacker to gain access to the web directory containing the application's binaries and configuration files through file path manipulation...
CVE-2022-33920
Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context...
Design/Logic Flaw
Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context...
CVE-2022-33920
CVE-2022-33920 affects Dell GeoDrive prior to v2.2. The issue is an Unquoted File Path vulnerability that can allow a low-privilege attacker to execute arbitrary code in the SYSTEM context. Affected component: Dell GeoDrive executable/installation path with unquoted spaces. Impact: potential full...
PT-2022-21910 · Dell · Dell Geodrive
Name of the Vulnerable Software and Affected Versions: Dell GeoDrive versions prior to 2.2. Description: The issue allows a low privilege attacker to potentially exploit an Unquoted File Path vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Recommendations:...
CVE-2022-39802
SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can b...
CVE-2022-41512
An arbitrary file upload vulnerability in the component /phpaction/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
Hertz path traversal vulnerability
Hertz is a Golang microservices HTTP framework open sourced by CloudWeGo. v0.3.0 of Hertz contains a path traversal vulnerability that stems from a failure of the normalizePath function to properly filter special elements in a resource or file path. An attacker could exploit this vulnerability to...
DEBIAN-CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
Online Pet Shop We App SQL Injection Vulnerability
Online Pet Shop We App is an online pet store web application by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Online Pet Shop We App version 1.0, which originates from a lack of validation of externally entered SQL statements in the...
CVE-2022-35065
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724...
Download Monitor < 4.5.98 - Admin+ Arbitrary File Download
The plugin does not ensure that files to be downloaded are inside the blog folders and are not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup. PoC Create a new download on:...
CVE-2022-38325
Tenda AC15 WiFi Router V15.03.05.19multi and AC18 WiFi Router V15.03.05.19multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile...