Lucene search
K

110 matches found

Cvelist
Cvelist
added 2022/10/13 12:0 a.m.27 views

CVE-2021-20030

SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files...

7.9AI score0.00785EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2022/09/19 12:0 a.m.15 views

Download Monitor < 4.5.98 - Admin+ Arbitrary File Download

The plugin does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. PoC Create a new download on:...

4.9CVSS1AI score0.00859EPSS
Exploits2Affected Software1
OSV
OSV
added 2022/08/01 2:15 p.m.3 views

CVE-2022-36302

File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information...

5.4CVSS6AI score0.0051EPSS
Exploits0References1
NVD
NVD
added 2022/08/01 2:15 p.m.30 views

CVE-2022-36302

File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information...

8.8CVSS0.0051EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/01 2:15 p.m.2 views

CVE-2022-36302

File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information...

8.8CVSS5.9AI score0.0051EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/08/01 2:3 p.m.55 views

CVE-2022-36302

The CVE-2022-36302 entry concerns a file path traversal-like vulnerability in BF-OS versions 3.00–3.83 . The issue allows an attacker to manipulate the file path to access other resources that may contain sensitive information. Affected component is the BF-OS path handling; the root cause is impr...

8.8CVSS5.4AI score0.0051EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/01 2:3 p.m.31 views

CVE-2022-36302

File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information...

8.8CVSS8.8AI score0.0051EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/08/01 12:0 a.m.4 views

Bosch BF-OS 注入漏洞

Bosch BF-OS is an operating system from Bosch, Germany that runs in 100% BF. An injection vulnerability exists in BF-OS versions 3.00 through 3.83, which stems from a file path manipulation vulnerability that allows an attacker to modify a file path to access different resources that may contain...

8.8CVSS5.8AI score0.0051EPSS
Exploits0References2
OSV
OSV
added 2021/01/26 6:15 p.m.5 views

CVE-2020-23161

Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance Logs menu and manipulating the file-path in the URL...

6.5CVSS5.8AI score0.02385EPSS
Exploits2References3
NVD
NVD
added 2020/11/02 10:15 p.m.23 views

CVE-2020-7758

This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server...

7.5CVSS7.5AI score0.02151EPSS
Exploits1References4
OSV
OSV
added 2020/11/02 10:15 p.m.14 views

CVE-2020-7758

This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server...

7.5CVSS6.8AI score
Exploits0References4
NVD
NVD
added 2020/06/23 7:38 p.m.20 views

CVE-2020-7664

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

7.5CVSS0.01419EPSS
Exploits1References1
seebug.org
seebug.org
added 2018/07/12 12:0 a.m.85 views

Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T

VENDOR DESCRIPTION “New ideas are the driving force behind our success WAGO is a family-owned company headquartered in Minden, Germany. Independently operating for three generations, WAGO is the global leader of spring pressure electrical interconnect and automation solutions. For more than 60...

0.3014EPSS
Exploits8
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.29 views

ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2016/08/31 12:0 a.m.33 views

ZKTeco ZKBioSecurity 3.0 - Directory Traversal

ZKTeco ZKBioSecurity 3.0 - Directory Traversal ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel:...

7.3AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/31 12:0 a.m.87 views

ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

6.9CVSS5.8AI score0.00206EPSS
Exploits1
Packet Storm
Packet Storm
added 2016/08/31 12:0 a.m.39 views

ZKTeco ZKBioSecurity 3.0 File Path Manipulation

i? ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...

0.1AI score
Exploits0
0day.today
0day.today
added 2016/08/31 12:0 a.m.44 views

ZKTeco ZKBioSecurity 3.0 - Directory Traversal

Exploit for jsp platform in category web applications ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2016/08/31 12:0 a.m.45 views

ZKTeco ZKBioSecurity 3.0 - Directory Traversal

ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2015/12/24 12:0 a.m.37 views

F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 文件读取漏洞

Exploit Title: F5 BigIP File Path Traversal Vulnerability Discovered by: Karn Ganeshen Reported on: April 27, 2015 New version released on: September 01, 2015 Vendor Homepage: www.f5.com Version Reported: F5 BIG-IP 10.2.4 Build 595.0 Hotfix HF3 CVE-2015-4040 https://vulners.com/cve/CVE-2015-4040...

4CVSS6.4AI score0.06756EPSS
Exploits5
Rows per page
Query Builder