235 matches found
SchoolPlus 1.0 Shell Upload
============================================================================================================================================= | Title : SchoolPlus v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...
Qiwen Netdisk 跨站脚本漏洞
Qiwen Netdisk is a simple and convenient file storage solution netdisk from Qiwen, a Chinese company. A cross-site scripting vulnerability exists in Qiwen Netdisk version 1.4.0 and earlier, which stems from a stored cross-site scripting XSS vulnerability in the file renaming feature in qiwen-file...
PT-2024-22868 · Mozilocms · Mozilocms
Name of the Vulnerable Software and Affected Versions: moziloCMS version 2.0 Description: The issue allows attackers to bypass file upload restrictions, potentially leading to unauthorized file execution or storage of malicious content. This is achieved by renaming files, which can result in the...
CVE-2024-26307
Possible race condition vulnerability in Apache Doris. Some of code using chmod method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before...
Apache Doris 竞争条件问题漏洞
Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris has a security bypass vulnerability that stems from the use of the chmod function, which can be exploited by an attacker ...
CVE-2024-23634
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...
CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...
CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...
CVE-2024-23634
CVE-2024-23634 (GeoServer) affects GeoServer versions prior to 2.23.5 and 2.24.2. An authenticated administrator with REST Coverage/Data Store API file-store permissions can rename arbitrary files/directories to names not ending in .zip. External uploads are particularly susceptible, risking deni...
CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...
GHSA-75M5-HH4R-Q9GX GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API
Summary An arbitrary file renaming vulnerability exists that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in ".zip". Details Store file uploads...
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API
Summary An arbitrary file renaming vulnerability exists that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in ".zip". Details Store file uploads...
CVE-2024-0221
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...
CVE-2024-0221
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...
Directory traversal
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...
The vulnerability of the file renaming function of the ASUSTOR Data Master operating system allows a hacker to move any files they desire.
The vulnerability of the file renaming function of the ASUSTOR Data Master operating system involves the use of files and directories accessible from external parties. Exploiting this vulnerability could allow a hacker to move arbitrary files...
The vulnerability of the umask() function in the archive_write_disk.posix.c component of the Libarchive library, which allows an attacker to delete and rename files within directories.
The vulnerability of the umask function in the archivewritedisk.posix.c component of the Libarchive library arises due to synchronization errors when using a shared resource. Exploiting this vulnerability could allow an attacker to delete and rename files within these directories...
CVE-2023-4475
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...
CVE-2023-4475
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...
CVE-2023-4475
ASUSTOR Data Master (ADM) is affected by an Arbitrary File Movement vulnerability via the file renaming feature. Affected: ADM 4.0.6.RIS1 and below, ADM 4.1.0 and below, ADM 4.2.2.RI61 and below. Root cause: exploitation of the file renaming mechanism to move files into unintended directories. Im...