Exploit for CVE-2024-2432
CVE-2024-2432 Palo Alto GlobalProtect EoP On Windows system,...
CVE-2024-26261
The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being download...
CVE-2024-26261 Hgiga OAKlouds - Arbitrary File Read And Delete
The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being download...
CVE-2023-28049
Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete...
PT-2023-30872 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 9.2.3. Description: The issue is related to Cross-Site Request Forgery (CSRF) at the "/ccm/system/dialogs/file/delete/1/submit" API endpoint. This allows for unauthorized actions to be performed. Recommendations: F...
CVE-2023-6900
A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/deletefile. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to...
CVE-2023-28868
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link...
SUSE SLES15 Security Update : slurm_23_02 (SUSE-SU-2023:4564-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4564-1 advisory. - SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a fil...
WordPress NextGEN Gallery Plugin < 3.39 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:imagely:nextgengallery"; if description...
CVE-2023-3155
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the server...
CVE-2023-3155 NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and Delete
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the server...
CVE-2023-3155
The CVE-2023-3155 entry refers to the WordPress NextGEN Gallery Plugin (versions before 3.39) with an Arbitrary File Read/Delete vulnerability caused by missing input parameter validation in the gallery_edit function. The vulnerability could allow an attacker to access arbitrary resources on the ...
PT-2023-7487 · Axis Communications · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The issue is related to the VAPIX API in the AXIS OS, specifically with the overlay del.cgi endpoint, which is vulnerable to path traversal attacks. This allows an attacker, after...
WordPress plugin WordPress Gallery Plugin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-23384 · WordPress · Wordpress Gallery Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Gallery Plugin versions prior to 3.39 Description: The issue is related to a lack of input parameter validation in the gallery edit function, allowing an attacker to access arbitrary resources on the server. This can lead to Arbitra...
NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and Delete
Description: The plugin is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the server. PoC: 1. Create a Gallery called "My Gallery" and note its ID. 2. Run the following code...
CVE-2023-40623 Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer)
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited...