459 matches found
CVE-2021-22933
CVE-2021-22933 affects Pulse Connect Secure (PCS) prior to 9.1R12. An authenticated administrator can delete arbitrary files via a maliciously crafted web request due to a vulnerability in the PCS web interface. Public sources consistently describe the issue as an arbitrary file deletion with imp...
PT-2021-15283 · Pulse Secure · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R12 Description: A vulnerability could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. Recommendations: For versions prior to 9.1R12,...
Eaton Intelligent Power Manager (IPM) < 1.69 Multiple Vulnerabilities (ETN-VA-2021-1000)
The version of Eaton Intelligent Power Manager installed on the remote Windows host is prior to 1.69. It is, therefore, affected by multiple vulnerabilities: - Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improp...
CVE-2021-23279
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete...
CVE-2021-23278
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially...
Input validation
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete...
CVE-2021-23279 Arbitrary File delete
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete...
CVE-2021-23279
CVE-2021-23279 affects Eaton IPM prior to 1.69. The vulnerability is an unauthenticated arbitrary file delete caused by improper input validation in the meta_driver_srv.js class (saveDriverData) when using an invalidated driverID. An attacker could send crafted packets to delete files on the IPM ...
CVE-2021-23278
Eaton IPM before 1.69 is vulnerable to an authenticated arbitrary file-delete via improper input validation in maps_srv.js (removeBackground) and node_upgrade_srv.js (removeFirmware). An attacker with valid credentials can delete files on the IPM host. Remediation per linked advisories: upgrade t...
CVE-2021-23278 Arbitrary File delete
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially...
Arbitrary File Delete
github.com/tyktechnologies/tyk is vulnerable to arbitrary file delete. The vulnerability exists through the handleAddOrUpdateApi function in api.go where json files outside of the application can be deleted if the file path is specified in the request...
CVE-2020-28187
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, (2) Event parameter to /include/ajax/logtable.php, or (3) opt parameter to...
Marvell QConvergeConsole GUI Path Traversal Vulnerability
Marvell QConvergeConsole (QCC) is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A path traversal vulnerability exists in the Marvell QConvergeConsole GUI version 5.5.0.74,...
Silver Peak SD-WAN Bugs Allow for Network Takeover
Silver Peak’s Unity Orchestrator, a software-defined WAN (SD-WAN) management platform, suffers from three remote code-execution security bugs that can be chained together to allow network takeover by unauthenticated attackers. SD-WAN is a cloud-based networking approach used by enterprises and...
Arbitrary file deletion vulnerability in the Harbin Weicheng Technology Co., Ltd. OurPHP Ao Pai website building system
OurPHP Aopia website building system is an enterprise and e-commerce marketing website building system. The Harbin Weicheng Technology Co., Ltd OurPHP AoPai website builder system has an arbitrary file deletion vulnerability; an attacker can take advantage of the vulnerability to delete any file under t...
BrightSign Digital Signage Diagnostic Web Server 8.2.26 - File Delete Path Traversal
Exploit Title: SpinetiX Fusion Digital Signage 3.4.8 - File Delete Path Traversal Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://www.spinetix.com Version: = 8.2.26 SpinetiX Fusion Digital Signage 3.4.8 File Backup/Delete Path Traversal Vendor: SpinetiX AG Product web page:...
CVE-2020-4486
IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. IBM X-Force ID: 181861...
CVE-2020-13522
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability...
CVE-2020-13522
CVE-2020-13522 affects SoftPerfect RAM Disk 4.1, specifically the spvve.sys driver. A vulnerable device object (Device\SoftPerfectVolume) can be targeted by an unprivileged user via a crafted IRP (IOCTL 0x222004) to perform arbitrary file deletion on the system. Talos confirms affected versions a...