3231 matches found
PT-2024-6797 · Microsoft · Openssh For Windows +1
Name of the Vulnerable Software and Affected Versions: Microsoft OpenSSH for Windows affected versions not specified Description: The issue is related to incorrect external management of a file name or path in the cryptographic protection tool of OpenSSH for Windows. This allows a remote attacker...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 PoC This repository is a proof of concept PoC...
CVE-2024-9279
A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of the component User Center. The manipulation of the argument User Nickname leads to cross site scripting. It is possible to initiate the attack...
CVE-2024-8671
The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to overwrite arbitrary...
CVE-2024-8671
The CVE-2024-8671 entry concerns WordPress plugin WooEvents – Calendar and Event Booking. Affected versions (up to 4.1.2) are vulnerable to arbitrary file overwrite due to insufficient file path validation in inc/barcode.php, enabling unauthenticated attackers to overwrite server files and potent...
PT-2024-39453
Name of the Vulnerable Software and Affected Versions Olgu Computer Systems e-Belediye versions prior to 2.0.642 Description The issue allows external control of file name or path due to incorrect permission assignment for critical resources, enabling manipulation of web input to file system call...
PT-2024-39412 · Unknown · Code-Projects Student Record System
Name of the Vulnerable Software and Affected Versions: code-projects Student Record System version 1.0 Description: A critical issue has been found in the code-projects Student Record System, affecting unknown code in the file /course.php. The manipulation of the coursename argument leads to SQL...
Relative Path Traversal
@backstage/plugin-techdocs-backend is vulnerable to Relative Path Traversal. The vulnerability is caused due to improper validation of file paths, allowing unauthorized access to files in the AWS S3 or GCS storage provider...
Chicheng JFLow Access Control Error Vulnerability
Chicheng JFLow is a workflow engine from Chicheng, China. An access control error vulnerability exists in Chicheng JFLow version 2.0.0, which stems from the parameter oid in the file /WF/Ath/EntityMutliFileLoad.do and can lead to improper access control...
The vulnerability of Windows operating systems arises from improper external management of file names or file paths, allowing attackers to gain unauthorized access and modify the contents of compressed folders.
Vulnerabilities of Windows operating systems are related to incorrect external management of file names or file paths. Exploiting these vulnerabilities can allow an attacker, operating remotely, to gain unauthorized access and modify the contents of compressed folders...
CVE-2024-7626
The WP Delicious – Recipe Plugin for Food Bloggers formerly Delicious Recipes plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the saveeditprofiledetails function in all versions up to, and including, 1.6.9. This makes it possib...
CVE-2024-7626
CVE-2024-7626 affects WP Delicious – Recipe Plugin for WordPress (formerly Delicious Recipes), versions ≤ 1.6.9. The vulnerability stems from insufficient file path validation in the save_edit_profile_details() function, allowing authenticated users with subscriber-level access and above to move ...
WordPress plugin WP Delicious Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
Exploit for Improper Privilege Management in Enlightenment
CVE-2022-37706 The CVE-2022-37706 vulnerability is relate...
PT-2024-39119 · Sourcecodester · Sourcecodester Online Dj Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A vulnerability was found in the component Feedback Handler, affecting an unknown part of the file /mfeedback.php. The manipulation leads to cross-site scripting. It is...
SourceCodester Clinics Patient Management System Security Vulnerability
SourceCodester Clinics Patient Management System is a clinic patient management system from SourceCodester, Inc. A security vulnerability exists in SourceCodester Clinics Patient Management System version 2.0, which stems from the parameter message in the file /users.php that can lead to cross-si...
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
Details The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. go...
Zen Load Balancer Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zen Load Balancer Directory Traversal', 'Description' = %q This module exploits a authenticated directory traversal vulnerability in Zen Load...
CVE-2024-8366
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input alert...
Cambium CnPilot R200/r201 File Path Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium cnPilot r200/r201 File Path Traversal', 'Description' = %q This module exploits a File Path Traversal vulnerability in Cambium cnPilot...