322 matches found
CVE-2023-51648 Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability
Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a...
CVE-2023-51648
CVE-2023-51648 affects Allegra, via the getFileContentAsString method which is vulnerable to directory traversal information disclosure. The root cause is improper validation of a user-supplied path used in file operations, enabling disclosure of sensitive data including stored credentials. Some ...
CVE-2023-51648 Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability
Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a...
CVE-2023-51642 Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...
CVE-2023-51642 Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...
CVE-2023-51642
CVE-2023-51642 involves Allegra’s loadFieldMatch deserialization, where untrusted data is deserialized due to improper input validation. This leads to remote code execution in the LOCAL SERVICE context. Attack requires authentication, but Allegra’s registration mechanism can create a user with su...
CVE-2023-51641 Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability
Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...
CVE-2023-51641 Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability
Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...
CVE-2023-51641
CVE-2023-51641 affects Allegra’s renderFieldMatch, where deserialization of untrusted data can allow remote code execution. The flaw arises from insufficient validation of user-supplied data, enabling code execution in the context of LOCAL SERVICE. Authentication is required, but Allegra’s regist...
CVE-2022-20655
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...
CVE-2022-20655
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...
Missing access control on endpoint to list all evaluations in lunary-ai/lunary
Description The /v1/evaluators/ route allows users to fetch all evaluators of a project by sending a GET request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can access evaluator data. The current implementation: Does not...
CVE-2024-45429
Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the...
ScadaBR Credentials Dumper
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ScadaBR Credentials Dumper', 'Description' = %q This module retrieves credentials from ScadaBR, including service credentials and unsalted SHA1...
Dell PowerEdge Platform 安全漏洞
Dell PowerEdge Platform is a server platform from Dell USA. A security vulnerability exists in Dell PowerEdge Platform that originates from a contained end-of-buffer access to memory location vulnerability, which could be exploited by a low-privileged attacker with local access rights to cause an...
mysql: Server: DML unspecified vulnerability (CPU Jan 2024)
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server...
CVE-2024-32764
A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...
CVE-2024-32764
Summary: CVE-2024-32764 affects QNAP’s myQNAPcloud Link. The issue is a missing authentication for a critical function accessible over the network, potentially allowing a user with existing functional privileges to exploit it. Affected product/version: myQNAPcloud Link prior to 2.4.51 (vulnerable...
CVE-2024-32764 myQNAPcloud Link
A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...
CVE-2024-20352
A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affecte...