Lucene search
K

235 matches found

Packet Storm
Packet Storm
added 2024/07/30 12:0 a.m.249 views

SchoolPlus 1.0 Shell Upload

============================================================================================================================================= | Title : SchoolPlus v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2024/05/23 12:0 a.m.5 views

Qiwen Netdisk 跨站脚本漏洞

Qiwen Netdisk is a simple and convenient file storage solution netdisk from Qiwen, a Chinese company. A cross-site scripting vulnerability exists in Qiwen Netdisk version 1.4.0 and earlier, which stems from a stored cross-site scripting XSS vulnerability in the file renaming feature in qiwen-file...

5.3CVSS4.5AI score0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.2 views

PT-2024-22868 · Mozilocms · Mozilocms

Name of the Vulnerable Software and Affected Versions: moziloCMS version 2.0 Description: The issue allows attackers to bypass file upload restrictions, potentially leading to unauthorized file execution or storage of malicious content. This is achieved by renaming files, which can result in the...

6.5CVSS7.9AI score0.00759EPSS
Exploits1References6
NVD
NVD
added 2024/03/21 10:15 a.m.23 views

CVE-2024-26307

Possible race condition vulnerability in Apache Doris. Some of code using chmod method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before...

5.3CVSS6.7AI score0.00221EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.4 views

Apache Doris 竞争条件问题漏洞

Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris has a security bypass vulnerability that stems from the use of the chmod function, which can be exploited by an attacker ...

5.3CVSS6.8AI score0.00221EPSS
Exploits0References3
NVD
NVD
added 2024/03/20 4:15 p.m.34 views

CVE-2024-23634

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...

6CVSS6.1AI score0.00694EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/03/20 3:22 p.m.35 views

CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...

6CVSS6.3AI score0.00694EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/03/20 3:22 p.m.17 views

CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...

6CVSS6.9AI score0.00694EPSS
Exploits1References5
CVE
CVE
added 2024/03/20 3:22 p.m.112 views

CVE-2024-23634

CVE-2024-23634 (GeoServer) affects GeoServer versions prior to 2.23.5 and 2.24.2. An authenticated administrator with REST Coverage/Data Store API file-store permissions can rename arbitrary files/directories to names not ending in .zip. External uploads are particularly susceptible, risking deni...

6CVSS6.8AI score0.00694EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/03/20 3:22 p.m.27 views

CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...

6CVSS6.7AI score0.00694EPSS
Exploits1References7
OSV
OSV
added 2024/03/20 3:1 p.m.22 views

GHSA-75M5-HH4R-Q9GX GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API

Summary An arbitrary file renaming vulnerability exists that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in ".zip". Details Store file uploads...

6CVSS6AI score0.00694EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2024/03/20 3:1 p.m.21 views

GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API

Summary An arbitrary file renaming vulnerability exists that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in ".zip". Details Store file uploads...

6CVSS7.2AI score0.00694EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2024/02/05 10:15 p.m.24 views

CVE-2024-0221

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...

9.1CVSS9AI score0.01312EPSS
Exploits0References4
OSV
OSV
added 2024/02/05 10:15 p.m.5 views

CVE-2024-0221

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...

7.2CVSS7.2AI score0.01312EPSS
Exploits0References4
Prion
Prion
added 2024/02/05 10:15 p.m.29 views

Directory traversal

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...

5.8CVSS6.8AI score0.01312EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/12/08 12:0 a.m.8 views

The vulnerability of the file renaming function of the ASUSTOR Data Master operating system allows a hacker to move any files they desire.

The vulnerability of the file renaming function of the ASUSTOR Data Master operating system involves the use of files and directories accessible from external parties. Exploiting this vulnerability could allow a hacker to move arbitrary files...

7.5CVSS6AI score0.00159EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/31 12:0 a.m.7 views

The vulnerability of the umask() function in the archive_write_disk.posix.c component of the Libarchive library, which allows an attacker to delete and rename files within directories.

The vulnerability of the umask function in the archivewritedisk.posix.c component of the Libarchive library arises due to synchronization errors when using a shared resource. Exploiting this vulnerability could allow an attacker to delete and rename files within these directories...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2023/08/22 7:16 p.m.23 views

CVE-2023-4475

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...

7.5CVSS7.5AI score0.00159EPSS
Exploits0References1
OSV
OSV
added 2023/08/22 7:16 p.m.4 views

CVE-2023-4475

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...

5.5CVSS5.7AI score0.00159EPSS
Exploits0References1
CVE
CVE
added 2023/08/22 9:2 a.m.43 views

CVE-2023-4475

ASUSTOR Data Master (ADM) is affected by an Arbitrary File Movement vulnerability via the file renaming feature. Affected: ADM 4.0.6.RIS1 and below, ADM 4.1.0 and below, ADM 4.2.2.RI61 and below. Root cause: exploitation of the file renaming mechanism to move files into unintended directories. Im...

7.5CVSS6.1AI score0.00159EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder