CVE-2022-2441

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site...

Remote code execution

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site...

CVE-2023-45727

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity XXE attacks. By processing a specially crafted request containing...

CVE-2023-45727

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity XXE attacks. By processing a specially crafted request containing...

CVE-2023-42475

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality...

CVE-2023-42475

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality...

CVE-2023-42475 Information Disclosure Vulnerability in Statutory Reporting

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality...

CVE-2023-42475 Information Disclosure Vulnerability in Statutory Reporting

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality...

CVE-2023-42475

The CVE-2023-42475 entry concerns a vulnerable file storage location in the Statutory Reporting application that could allow a low-privileged attacker to read server files, leading to information disclosure with low confidentiality impact. The available sources identify the affected software as t...

SAP S/4HANA Information Disclosure Vulnerability

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An information disclosure vulnerability exists in SAP S/4HANA that stems from a vulnerable file storage location that could allow a low-privileged attacker to read server...

PT-2023-6223 · Sap · Sap S/4Hana

Name of the Vulnerable Software and Affected Versions: Statutory Reporting application affected versions not specified SAP S/4HANA affected versions not specified Description: The issue concerns a vulnerable file storage location in the Statutory Reporting application, potentially allowing a...

Path traversal

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server...

Dell NetWorker Authorization Issues Vulnerability

Dell NetWorker is an application from Dell USA Inc. It provides forum discussion capabilities for Dell Inc. An authorization issue vulnerability exists in Dell NetWorker version 19.7, which originated from a vulnerability that allows an unauthenticated attacker to manipulate commands to gain full...

OpenCart 路径遍历漏洞

OpenCart is a powerful open source e-commerce platform that helps users to quickly build and manage their own online stores. It provides rich functionality and flexible customization options to meet different users' needs. With OpenCart, users can easily add products, process orders, manage...

CVE-2023-2315 Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server...

CVE-2023-2315 Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server...

PT-2023-27500 · Unknown · Welcart E-Commerce

Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce versions 2.7 to 2.8.21 Description: The issue allows a user with author or higher privilege to obtain partial information of the files on the web server due to a path traversal vulnerability. Recommendations: For Welcart...

PT-2023-18859 · Opencart · Opencart

Name of the Vulnerable Software and Affected Versions: OpenCart versions 4.0.0.0 through 4.0.2.2 Description: The issue allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server. This is due to a Path Traversal vulnerability...

Arbitrary File Read

OpenRefine is vulnerable to Arbitrary File Read. The vulnerability due to improper jdbc url sanitization, which allows an attacker to set the allowLoadLocalInfile value to true by passing it through the databaseName parameter. This can be exploited to read sensitive internal server files...

CVE-2023-3814

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server...