459 matches found
TYPO3 Arbitrary File Delete
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver...
CVE-2020-25178
ISaGRAF CVE-2020-25178 affects Rockwell Automation ISaGRAF Runtime 4.x/5.x when interfaced with ISaGRAF Workbench over TCP/IP. The protocol transmits data unencrypted, enabling a remote unauthenticated attacker to upload, read, and delete files. Affected product details and mitigations are suppor...
Race condition
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of...
CVE-2022-0280 McAfee Total Protection (MTP) - File Deletion vulnerability
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of...
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification
#!/usr/bin/env python3 # -*- coding: utf-8 -*- ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD. Vendor: Industrial Control Links, Inc. Product web page: http://www.iclinks.com Product datasheet:...
DRUPAL-CONTRIB-2022-023
This module enables you to manage and delete files. The module doesn't sufficiently protect unmanaged files from view in the scenario where an unauthenticated user knows the path to visit the view and can attempt to delete files, which results in duplicate files being created. To mitigate this issue without...
Fancy File Delete - Moderately critical - Access Bypass - SA-CONTRIB-2022-023
This module enables you to manage and delete files. The module doesn't sufficiently protect unmanaged files from view in the scenario where an unauthenticated user knows the path to visit the view and can attempt to delete files, which results in duplicate files being created. To mitigate this issue without...
CVE-2021-24761
The Error Log Viewer WordPress plugin before 1.1.2 does not perform a nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged-in admin delete arbitrary text files on the web server...
CVE-2021-45338
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security...
Privilege escalation
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security...
CVE-2021-20127
An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges...
SonicWall Secure Mobile Access Arbitrary File Delete (SNWLID-2021-0021)
According to its self-reported version, the remote SonicWall Secure Mobile Access is affected by an arbitrary file delete vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and delete arbitrary files. Note that Nessus has not tested for these issues but h...
CVE-2021-24491 Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF
The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as uploading and deleting files. As a result, attackers could make a logged-in administrator delete and upload arbitrary files via a CSRF attack...
Incorrect access control vulnerability in Joomla!
Joomla! is a world-renowned content management system developed using the PHP language with a MySQL database, and can be implemented on various platforms such as Linux, Windows, MacOSX, etc. An incorrect access control vulnerability exists in Joomla! version 4.0.0. The vulnerability stems from th...
CVE-2021-22933
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request...
Cross-site request forgery (CSRF)
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request...