CVE-2023-39143

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled a very common configuration...

Cisco Identity Services Engine 3.1.x < 3.1P6, 3.2.x < 3.2P2 Arbitrary File Delete and File Read (cisco-sa-ise-file-delete-read-PK5ghDDd)

According to its self-reported version, Cisco Identity Services is affected by a vulnerability in the web-based management interface. These allow an authenticated, remote attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker...

CVE-2023-20171

Multiple vulnerabilities in Cisco Identity Services Engine ISE could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about...

CVE-2023-20171 Cisco Identity Services Engine Arbitrary File Delete and File Read Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine ISE could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about...

CVE-2023-20172 Cisco Identity Services Engine Arbitrary File Delete and File Read Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine ISE could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about...

CVE-2023-20172

Multiple vulnerabilities in Cisco Identity Services Engine ISE could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about...

CVE-2023-31178

AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request...

CVE-2023-31178

AgilePoint NX v8.0 SU2.2 and SU2.3 are affected by an Arbitrary File Delete vulnerability. The issue allows deletion of arbitrary files via an unspecified request. Root cause is not detailed in the provided documents, and there is no explicit remediation or fix information in the connected sources.

CVE-2022-31647

Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659...

CVE-2023-1412

An unprivileged non-admin user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows = 2022.12.582.0 to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks oplock and symbolic links which can both be creat...

CVE-2023-28892

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleanerDebug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link...

CVE-2023-28892

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleanerDebug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link...

Design/Logic Flaw

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleanerDebug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link...

CVE-2023-28892

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleanerDebug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link...

CVE-2023-26957

onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...

CVE-2023-26957

CVE-2023-26957 affects onekeyadmin v1.3.9. The vulnerability exists in the component admin\controller\plugins and allows an arbitrary file deletion . The CVSS data indicates a network-based, unauthenticated, high-severity impact with integrity and availability both affected. No explicit remediati...

CVE-2023-26957

onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...

Directory traversal

Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory...

PT-2023-14730 · Razer · Razercentral

Name of the Vulnerable Software and Affected Versions: Razer Central versions prior to 7.8.0.381 Description: The issue is related to an Arbitrary File Delete vulnerability when handling files in the Accounts directory. Recommendations: For versions prior to 7.8.0.381, update to version 7.8.0.381...

CVE-2022-45697

CVE-2022-45697 affects Razer Central prior to v7.8.0.381, with an Arbitrary File Delete vulnerability when handling files in the Accounts directory. Impact details from the associated records indicate a local-only exposure with high impact on confidentiality, integrity, and availability (CVSS v3....