Lucene search

2677 matches found

Vulnrichment
added 2023/11/21 12:00 a.m. · 16 views

CVE-2023-49105

An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no...

CVSS 9.8 · AI score 7 · EPSS 0.11074
Exploits 0 · References 2

Cvelist
added 2023/11/21 12:00 a.m. · 22 views

CVE-2023-49105

An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no...

CVSS 9.8 · AI score 9.8 · EPSS 0.11074
Exploits 0 · References 2

CVE
added 2023/11/21 12:00 a.m. · 126 views

CVE-2023-49105

CVE-2023-49105: ownCloud core vulnerability (pre-signed URLs), highly critical. In ownCloud core prior to 10.13.1, an attacker who knows a victim’s username can access, modify, or delete any file without authentication if the victim has no signing-key configured, because pre-signed URLs are a...

CVSS 9.8 · AI score 9.4 · EPSS 0.11074
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2023/11/20 12:00 a.m. · 2 views

OpenHarmony Security Vulnerability

OpenHarmony is an open source Hongmeng operating system project from China's OpenAtom Foundation. A security vulnerability exists in OpenHarmony prior to version v3.2.2, which can be exploited by an attacker to obtain confidential information or rewrite...

CVSS 7.3 · AI score 6.4 · EPSS 0.00184
Exploits 0 · References 2

BDU FSTEC
added 2023/11/17 12:00 a.m. · 6 views

The vulnerability of the Apache Airflow network software, related to incorrect authorization, allows a hacker to modify any files they desire.

The vulnerability of the Apache Airflow network software is related to improper authorization. Exploiting this vulnerability allows a malicious actor to remotely modify arbitrary files...

CVSS 4.3 · AI score 5.5 · EPSS 0.01497
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/11/15 12:15 a.m. · 1 view

CVE-2023-38544

A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system...

CVSS 5.5 · AI score 5.8 · EPSS 0.00374
Exploits 0 · References 1

CNNVD
added 2023/11/14 12:00 a.m. · 1 view

Ivanti Secure Access Client Security Vulnerability

Ivanti Secure Access Client is a security software client from Ivanti. A security vulnerability exists in Ivanti Secure Access Client versions prior to 22.5R1 that originated from allowing logged in users to modify specific files, which could result in unauthorized changes to system-wide...

CVSS 5.5 · AI score 6.3 · EPSS 0.00374
Exploits 0 · References 2

Prion
added 2023/11/08 10:15 p.m. · 19 views

Path traversal

PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image...

CVSS 5.5 · AI score 6.7 · EPSS 0.00771
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/11/08 9:37 p.m. · 26 views

CVE-2023-47109 PrestaShop blockreassurance BO User can remove any file from server when adding and deleting a block

PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image...

CVSS 5.5 · AI score 7.6 · EPSS 0.00771
Exploits 0 · References 6

NVD
added 2023/10/20 8:15 a.m. · 25 views

CVE-2022-2441

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site...

CVSS 8.8 · AI score 9.1 · EPSS 0.01074
Exploits 2 · References 6

Vulnrichment
added 2023/10/17 12:00 a.m. · 16 views

CVE-2023-27133

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...

AI score 6.9 · EPSS 0.00797
Exploits 1 · References 1

BDU FSTEC
added 2023/10/11 12:00 a.m. · 2 views

The vulnerability of the software development environment for automating and managing production processes in Omron Sysmac Studio, related to access control errors, allows a perpetrator to modify arbitrary files.

The vulnerability of Omron Sysmac Studio, a software for automating and managing manufacturing processes, is related to access control errors. Exploiting this vulnerability could allow an attacker to modify arbitrary files...

CVSS 5.5 · AI score 7.3 · EPSS 0.00249
Exploits 0 · References 5 · Affected Software 1

NVD
added 2023/09/27 3:19 p.m. · 28 views

CVE-2023-42819

JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker ca...

CVSS 8.9 · AI score 8.7 · EPSS 0.01856
Exploits 1 · References 2

CNNVD
added 2023/09/27 12:00 a.m. · 4 views

Jumpserver Path Traversal Vulnerability

Jumpserver is an open source bastion machine from China's Hangzhou Feizhiyun Information Technology Co. JumpServer suffers from a path traversal vulnerability that originates when a logged in user can access and modify the contents of any file on the system...

CVSS 8.9 · AI score 6.7 · EPSS 0.01856
Exploits 1 · References 3

Positive Technologies
added 2023/09/26 12:00 a.m. · 4 views

PT-2023-7007 · Unknown · Jumpserver

Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.6.5
Description: The issue is related to incorrect restriction of a directory path with limited access in the JumpServer security audit system. This can allow a remote attacker to gain unauthorized access to...

CVSS 8.9 · AI score 8.5 · EPSS 0.01856
Exploits 1 · References 11

NVD
added 2023/09/19 1:16 p.m. · 20 views

CVE-2022-47558

Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install...

CVSS 9.8 · AI score 9.3 · EPSS 0.00519
Exploits 0 · References 1

Positive Technologies
added 2023/09/19 12:00 a.m. · 4 views

PT-2023-5880 · Omron · Omron Sysmac Studio

Name of the Vulnerable Software and Affected Versions: Omron Sysmac Studio affected versions not specified
Description: The issue is related to poor permissions in a directory where executables are installed, allowing a locally-authenticated attacker to overwrite files. This can result in code...

CVSS 7.8 · AI score 7.6 · EPSS 0.00249
Exploits 0 · References 8

Oracle Linux
added 2023/09/19 12:00 a.m. · 26 views

open-vm-tools security update

11.0.5-3.0.1
- fix spaces in vmware udev rule for scsi devices Orabug: 24461968
- Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. Orabug: 22815019
- Increase timeout for scsi devices on VMWare guests by adding a udev rule.
- Created a new file 99-vmware-scsi-timeout.rules
- Modified sp...

CVSS 7.5 · AI score 7.6 · EPSS 0.01193
Exploits 0

OSV
added 2023/09/14 9:30 a.m. · 23 views

GHSA-CGWF-W82Q-5JRR Apache Commons Compress denial of service vulnerability

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed...

CVSS 5.5 · AI score 6.7 · EPSS 0.00489
Exploits 0 · References 5

Cvelist
added 2023/09/14 7:45 a.m. · 28 views

CVE-2023-42503 Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed...

AI score 6.7 · EPSS 0.00489
Exploits 0 · References 2