54 matches found
CVE-2023-37244
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...
CVE-2023-37244 Privilege escalation in N-Able's AutomationManagerAgent
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...
CVE-2023-37244
The CVE-2023-37244 entry concerns AutomationManager.AgentService.exe and describes a TOCTOU race condition that lets standard users create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp. This could enable an attacker to manipulate the process into performing arbitra...
CVE-2023-37244 Privilege escalation in N-Able's AutomationManagerAgent
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...
PT-2024-24118 · Mintplex +1 · Anything-Llm +1
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm affected versions not specified Description: A Server-Side Request Forgery SSRF vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin...
Elementor < 3.19.1 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization
Description The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to arbitrary file deletions and PHAR deserialization in version up to, and including 3.19.0. This is due to the plugin not providing sufficient path validation on the 'tmpname' parameter...
CVE-2024-23756
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...
CVE-2023-0862
The CVE-2023-0862 entry describes a path-traversal vulnerability in NetModule NSRW web administration interface. Affected NSRW versions: 4.3.0.0 before 4.3.0.119, 4.4.0.0 before 4.4.0.118, 4.6.0.0 before 4.6.0.105, and 4.7.0.0 before 4.7.0.103. Attackers could upload malicious files to the web ro...
SUSE CVE-2018-16587
In Open Ticket Request System OTRS 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to...
CVE-2021-33354
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...
CVE-2021-33354
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...
Directory traversal
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...
CVE-2021-33354
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...
CVE-2021-33354
The CVE-2021-33354 issue affects htmly prior to 2.8.1 and is a Directory Traversal vulnerability that allows remote attackers to delete arbitrary files via a modified file parameter. The root cause is improper validation of the file parameter, enabling access to files outside the intended directo...
CVE-2022-1777
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...
CVE-2022-1777
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...
GHSA-67MX-JC2F-JGJM OS Command Injection in file editor in Gogs
Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled default are affected. Patches File deletions are prohibited to repository...
OS Command Injection in file editor in Gogs
Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled default are affected. Patches File deletions are prohibited to repository...
Path traversal leads to arbitrary file deletions and file writes
Description Deploy and run gogs in Windows. Proof of Concept 1.Create a repository in Gogs, upload a file named test to the repository on the web page, The content of the file is as follows: xml 1111 2.The attacker can remove any files. http request: POST...
ZOOM Rooms 安全漏洞
ZOOM Rooms is a software-based conferencing system from ZOOM USA. system that allows web conferencing on fixed endpoints, similar to traditional video conferencing systems. Zoom Rooms suffers from a security vulnerability that stems from being susceptible to local privilege escalation issues duri...