459 matches found

Hacker One
added 2020/07/11 10:2 p.m. | 57 views

Concrete CMS: Arbitrary File delete via PHAR deserialization

crayons: Concrete5 Arbitrary File delete via PHAR deserialization - Target: Concrete5 - Version: 8.5.4 Latest at 2020.07.12 / PHP 7.2 - Credit: WSP Lab@KAIST - Contact: [email protected] TL;DR - An attacker can send an arbitrary input value in the is_dir function, which causes a PHAR...

CVSS 6.4 | AI score 9.9 | EPSS 0.00681
Exploits: 0

0day.today
added 2020/06/04 12:0 a.m. | 37 views

SnapGear Management Console SG560 3.1.5 - Arbitrary File Read Vulnerability

Exploit for hardware platform in category web applications Title: Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read Author: LiquidWorm Vendor: http://www.securecomputing.com CVE: N/A Secure Computing SnapGear Management Console SG560 v3.1.5 Arbitrary File Read/Write...

AI score 0.2
Exploits: 0

0day.today
added 2020/04/13 12:0 a.m. | 18 views

WSO2 3.1.0 - Arbitrary File Delete Vulnerability

Exploit for java platform in category web applications Title: WSO2 3.1.0 - Arbitrary File Delete Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Software link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Document Title: =============== WOS2 API ManagerDelete Extension Arbitrary Fi...

AI score 0.1
Exploits: 0

Exploit DB
added 2020/04/13 12:0 a.m. | 144 views

WSO2 3.1.0 - Arbitrary File Delete

Title: WSO2 3.1.0 - Arbitrary File Delete Date: 2020-04-12 Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Software link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Document Title: =============== WOS2 API ManagerDelete Extension Arbitrary File DeletePath traversal CVE not assign...

AI score 7.4
Exploits: 0

Prion
added 2020/02/10 1:15 p.m. | 17 views

Default credentials

MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information...

CVSS 5 | AI score 7.4 | EPSS 0.00468
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2020/02/10 12:20 p.m. | 31 views

CVE-2019-20060

MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information...

AI score 7.5 | EPSS 0.00468
Exploits: 0 | References: 3

WPVulnDB
added 2020/02/05 12:0 a.m. | 9 views

Merge + Minify + Refresh < 1.10.7 - Authenticated Arbitrary File Delete

The plugin relied on the is_admin check, without checking the user's capabilities, when deleting arbitrary files. The functionality was also vulnerable to Cross-site Request Forgery (CSRF) allowing attackers to delete arbitrary files by tricking authenticated users into visiting a page they...

AI score 4.7
Exploits: 0 | References: 2 | Affected Software: 1

wpexploit
added 2020/02/05 12:0 a.m. | 14 views

Merge + Minify + Refresh < 1.10.7 - Authenticated Arbitrary File Delete

The plugin relied on the is_admin check, without checking the user's capabilities, when deleting arbitrary files. The functionality was also vulnerable to Cross-site Request Forgery (CSRF) allowing attackers to delete arbitrary files by tricking authenticated users into visiting a page they...

AI score 1.5
Exploits: 0 | References: 2

Prion
added 2020/01/15 9:15 a.m. | 12 views

Path traversal

A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issu...

CVSS 6.5 | AI score 7.7 | EPSS 0.00319
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/01/15 8:40 a.m. | 11 views

CVE-2020-1606 Junos OS: Path traversal vulnerability in J-Web

A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issu...

CVSS 5.4 | AI score 7.9 | EPSS 0.00319
Exploits: 0 | References: 1

NVD
added 2019/10/17 7:15 p.m. | 10 views

CVE-2019-15627

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected...

CVSS 7.1 | AI score 7 | EPSS 0.00771
Exploits: 4 | References: 2

Prion
added 2019/10/17 7:15 p.m. | 18 views

Code injection

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected...

CVSS 6.6 | AI score 6.9 | EPSS 0.00771
Exploits: 4 | References: 2 | Affected Software: 1

CVE
added 2019/10/17 7:9 p.m. | 114 views

CVE-2019-15627

The CVE-2019-15627 entry concerns Trend Micro Deep Security Agent versions 10.0, 11.0 and 12.0 on Windows, vulnerable to an arbitrary file delete/overwrite that can impact availability. Local OS access is required, and only Windows agents are affected. The underlying issue is a local file manipul...

CVSS 7.1 | AI score 6.9 | EPSS 0.00771
Exploits: 4 | References: 2 | Affected Software: 1

Cvelist
added 2019/10/17 7:9 p.m. | 16 views

CVE-2019-15627

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected...

AI score 6.9 | EPSS 0.00771
Exploits: 4 | References: 2

Friends Of PHP
added 2019/10/08 12:0 a.m. | 13 views

PRODSECBUG-2449: Remote code execution via local file delete and XSLT injection

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 7.2 | AI score 7.2 | EPSS 0.01814
Exploits: 0 | Affected Software: 1

Packet Storm
added 2019/08/16 12:0 a.m. | 99 views

Joomla JS Jobs 1.2.6 Arbitrary File Delete

Exploit Title: Joomla! component comjsjobs 1.2.6 - Arbitrary File Deletion Dork: inurl:"index.php?option=comjsjobs" Date: 2019-08-16 Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/5/download/1 Version: 1.2.6 Tested on: Debian/nginx/joomla...

AI score 0.1
Exploits: 0

OSV
added 2019/08/01 4:15 p.m. | 2 views

CVE-2018-20924

cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads SEC-378...

CVSS 5.5 | AI score 5.9
Exploits: 0 | References: 2

NVD
added 2019/07/23 2:15 p.m. | 15 views

CVE-2019-1010149

zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licencesave.php...

CVSS 9.8 | AI score 9.6 | EPSS 0.0113
Exploits: 1 | References: 1

NVD
added 2019/07/23 2:15 p.m. | 15 views

CVE-2019-1010150

zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php...

CVSS 9.8 | AI score 9.6 | EPSS 0.0113
Exploits: 1 | References: 1

NVD
added 2019/07/23 2:15 p.m. | 19 views

CVE-2019-1010152

zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80...

CVSS 9.8 | AI score 9.6 | EPSS 0.00473
Exploits: 1 | References: 1