459 matches found
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation Windows: DSSVC DSOpenSharedFile Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is...
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
Windows: DSSVC DSOpenSharedFile Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure all...
WordPress <= 5.0 - Authenticated File Delete vulnerability
Authenticated File Delete vulnerability found by RIPS Technologies in WordPress versions <= 5.0. Solution: Update WordPress to the latest available version (at least 5.0.1)...
WordPress <= 5.0 - Authenticated File Delete
Description According to WordPress: "Karim El Ouerghemmi discovered that authors could alter meta data to delete files that they weren’t authorized to."...
HuCart im***. _li***.php file has an arbitrary file deletion vulnerability
HuCart is an open source enterprise building system. The HuCart im***. _li***.php file has an arbitrary file deletion vulnerability; attackers can exploit the vulnerability to delete any file site...
LibreHealth 2.0.0 File Read / File Delete / LFI
Exploit Title: LibreHealth 2.0.0 - Arbitrary File Actions Date: 2018-10-19 Exploit Author: Carlos Avila Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested on: Debian LAMP, LibreHealth 2.0.0 LibreHealth is the 'fork' of the OpenEMR...
LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
LibreHealth 2.0.0 - Authenticated Arbitrary File Actions Exploit Title: LibreHealth 2.0.0 - Arbitrary File Actions Date: 2018-10-19 Exploit Author: Carlos Avila Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested on: Debian LAMP,...
Download WP-DBManager <= 2.79.1 - Arbitrary File Delete
The WP-DBManager WordPress plugin was affected by an Arbitrary File Delete security vulnerability...
Arbitrary file reading vulnerability in YIXUNCMS 2.0.4.91SD backend
YIXUNCMS is a showcase website system developed by Yixun Software Studio for small and medium-sized enterprises, written in PHP and backed by a MySQL database. The YIXUNCMS 2.0.4.91SD backend has an arbitrary file reading vulnerability; the vulnerability stems from the fact that the system fails to strictly filte...
OpenEMR 5.0.1.3 - (Authenticated) Arbitrary File Actions
OpenEMR 5.0.1.3 - Authenticated Arbitrary File Actions Exploit Title: OpenEMR 5.0.1.3 - Arbitrary File Actions Date: 2018-08-14 Exploit Author: Joshua Fam Twitter : @Insecurity Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Versio...
SeedDMS Path Traversal Vulnerability
SeedDMS, formerly known as LetoDMS and MyDMS, is an open source document management system based on PHP and MySQL, jointly developed by SeedDMS enthusiasts. The system is mainly used to store and share documents. A directory traversal vulnerability exists in SeedDMS versions prior to 5.1.8. An...
CVE-2018-11141
The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write...
CVE-2018-11141
CVE-2018-11141 affects Quest KACE System Management Virtual Appliance 8.0.318. The vulnerability is a path traversal issue in the advisory/authored UI where the IMAGES_JSON and attachments_to_remove[] parameters can cause arbitrary file write and delete operations. Proof-of-concept details in the...
TRIM and PVS: vDisks may Reduce in Size after a Merged Base
After performing a Merged Base operation on a vDisk that is utilizing the VHDX file format, the resultant merged base VHDX file may be smaller than the original base VHDX file. For example, this behavior might occur in situations where files are deleted in a particular vDisk version, and these...
CVE-2018-10518
CMS Made Simple (CMSMS)
CVE-2018-10518
In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories...
Apache ODE Override Vulnerability
Apache ODE is a business process building engine from the Apache Software Foundation of the United States. It communicates with Web services, sends and receives messages, and handles data manipulation and error recovery. A security vulnerability exists in Apache ODE. An attacker could...
Arbitrary file delete/D.O.S on Puppet Master
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a...
zzcms a arbitrary file delete
No description provided by source...