Lucene search
+L

54 matches found

OSV
OSV
added 2024/05/02 2:15 p.m.5 views

CVE-2023-37244

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...

7CVSS5.9AI score0.00233EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/02 1:21 p.m.27 views

CVE-2023-37244 Privilege escalation in N-Able's AutomationManagerAgent

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...

5.3CVSS6.8AI score0.00233EPSS
Exploits0References1
CVE
CVE
added 2024/05/02 1:21 p.m.91 views

CVE-2023-37244

The CVE-2023-37244 entry concerns AutomationManager.AgentService.exe and describes a TOCTOU race condition that lets standard users create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp. This could enable an attacker to manipulate the process into performing arbitra...

7CVSS6.7AI score0.00233EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/02 1:21 p.m.30 views

CVE-2023-37244 Privilege escalation in N-Able's AutomationManagerAgent

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...

5.3CVSS5.5AI score0.00233EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.12 views

PT-2024-24118 · Mintplex +1 · Anything-Llm +1

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm affected versions not specified Description: A Server-Side Request Forgery SSRF vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin...

9.6CVSS9.3AI score0.00519EPSS
Exploits1References8
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.65 views

Elementor < 3.19.1 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization

Description The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to arbitrary file deletions and PHAR deserialization in version up to, and including 3.19.0. This is due to the plugin not providing sufficient path validation on the 'tmpname' parameter...

8.5CVSS7.4AI score0.00715EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/08 12:0 a.m.8 views

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

7.7AI score0.00602EPSS
Exploits1References1
CVE
CVE
added 2023/02/16 9:7 a.m.51 views

CVE-2023-0862

The CVE-2023-0862 entry describes a path-traversal vulnerability in NetModule NSRW web administration interface. Affected NSRW versions: 4.3.0.0 before 4.3.0.119, 4.4.0.0 before 4.4.0.118, 4.6.0.0 before 4.6.0.105, and 4.7.0.0 before 4.7.0.103. Attackers could upload malicious files to the web ro...

8.8CVSS7.5AI score0.02353EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:24 a.m.2 views

SUSE CVE-2018-16587

In Open Ticket Request System OTRS 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to...

6.5CVSS6.9AI score0.01754EPSS
Exploits0References4
OSV
OSV
added 2022/09/30 6:15 p.m.26 views

CVE-2021-33354

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...

8.1CVSS7.1AI score
Exploits0References1
NVD
NVD
added 2022/09/30 6:15 p.m.24 views

CVE-2021-33354

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...

8.1CVSS0.01346EPSS
Exploits1References1
Prion
Prion
added 2022/09/30 6:15 p.m.23 views

Directory traversal

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...

5.5CVSS8AI score0.01346EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/09/30 5:5 p.m.30 views

CVE-2021-33354

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...

8.3AI score0.01346EPSS
Exploits1References1
CVE
CVE
added 2022/09/30 5:5 p.m.67 views

CVE-2021-33354

The CVE-2021-33354 issue affects htmly prior to 2.8.1 and is a Directory Traversal vulnerability that allows remote attackers to delete arbitrary files via a modified file parameter. The root cause is improper validation of the file parameter, enabling access to files outside the intended directo...

8.1CVSS8AI score0.01346EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2022/06/13 1:15 p.m.35 views

CVE-2022-1777

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...

8.8CVSS0.01263EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.6 views

CVE-2022-1777

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...

8.8CVSS7.4AI score0.01263EPSS
Exploits2References2
OSV
OSV
added 2022/06/08 10:34 p.m.25 views

GHSA-67MX-JC2F-JGJM OS Command Injection in file editor in Gogs

Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled default are affected. Patches File deletions are prohibited to repository...

9.8CVSS9.4AI score0.04483EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/06/08 10:34 p.m.41 views

OS Command Injection in file editor in Gogs

Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled default are affected. Patches File deletions are prohibited to repository...

10CVSS0.5AI score0.04483EPSS
Exploits1References7Affected Software1
Huntr
Huntr
added 2022/06/02 2:36 p.m.22 views

Path traversal leads to arbitrary file deletions and file writes

Description Deploy and run gogs in Windows. Proof of Concept 1.Create a repository in Gogs, upload a file named test to the repository on the web page, The content of the file is as follows: xml 1111 2.The attacker can remove any files. http request: POST...

6.4CVSS0.3AI score0.02251EPSS
Exploits1
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.5 views

ZOOM Rooms 安全漏洞

ZOOM Rooms is a software-based conferencing system from ZOOM USA. system that allows web conferencing on fixed endpoints, similar to traditional video conferencing systems. Zoom Rooms suffers from a security vulnerability that stems from being susceptible to local privilege escalation issues duri...

7.9CVSS7.3AI score0.0037EPSS
Exploits0References2
Rows per page
Query Builder