231 matches found
CVE-2023-25734
After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. This bug only affects Firefox on Windows. Othe...
CVE-2023-30509 Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities results in the ability to read arbitrary files on the underlying operating system, including sensitive system files...
CVE-2023-30508 Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities results in the ability to read arbitrary files on the underlying operating system, including sensitive system files...
CVE-2023-30507 Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities results in the ability to read arbitrary files on the underlying operating system, including sensitive system files...
CVE-2023-1163
UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option...
CVE-2023-1112
A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument uploadname leads to relative path traversal. It is possible to laun...
CVE-2023-22776 Authenticated Remote Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Read
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files...
PT-2023-20009 · Docmosis · Docmosis Tornado
Name of the Vulnerable Software and Affected Versions: Docmosis Tornado versions prior to 2.9.5 Description: An issue allows an authenticated attacker to change the Office directory setting to point to an arbitrary remote network path, triggering the execution of the soffice binary under the...
Path traversal
A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative path traversal. The attack may be launched remotely. The...
CVE-2023-1044
Summary: CVE-2023-1044 affects MuYuCMS 2.2 via the file_path parameter in the file "/editor/index.php", enabling a relative path traversal vulnerability. The issue is triggered by manipulating the affected argument, and the attack is remote with the exploit reportedly disclosed publicly. Multiple...
CVE-2023-1009
DrayTek Vigor 2960 Web Management Interface contains a path traversal vulnerability in the function sub_1DF14 of /cgi-bin/mainfunction.cgi. Exploitation arises by manipulating the option argument with the input /../etc/passwd-, enabling remote access to sensitive files. Affected versions are 1.5....
Upload_Bypass_Carnage - File Upload Restrictions Bypass, By Using Different Bug Bounty Techniques!
File Upload Restrictions Bypass, By Using Different Bug Bounty Techniques! POC video: File upload restrictions bypass by using different bug bounty techniques! Tool must be running with all its assets! Installation: pip3 install -r requirements.txt Usage: uploadbypass.py options Options: -h, --he...
CVE-2023-25740
The Mozilla Foundation Security Advisory: After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. This...
Mozilla Thunderbird < 102.8
The version of Thunderbird installed on the remote Windows host is prior to 102.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-07 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.7. Some of...
Mozilla Firefox < 110.0
The version of Firefox installed on the remote Windows host is prior to 110.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-05 advisory. - Mozilla developers Timothy Nikkel, Gabriele Svelto, Jeff Muizelaar and the Mozilla Fuzzing Team reported memory safety...
CVE-2022-36314
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This bug only affects Firefox for Windows. Other operating systems are unaffected. This vulnerability affects Firefox ESR...