
704 matches found

Vulnrichment
added 2022/10/31 6:40 a.m. · 8 views

CVE-2022-39022 e-Excellence Inc. U-Office Force - Path Traversal

U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file...

6.5 CVSS · 7.1 AI score · 0.00884 EPSS
Exploits: 0 · References: 1

VulnCheck KEV
added 2022/10/20 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2020-3153

Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and...

6.5 CVSS · 7 AI score · 0.28307 EPSS
Exploits: 15 · References: 1

Positive Technologies
added 2022/10/18 12:0 a.m. · 4 views

PT-2022-24703 · Unknown · Rava Certificate Validation System

Name of the Vulnerable Software and Affected Versions: RAVA certification validation system (affected versions not specified). Description: The RAVA certification validation system has a path traversal issue. This allows an unauthenticated remote attacker to bypass authentication and access arbitrar...

7.5 CVSS · 7.8 AI score · 0.01684 EPSS
Exploits: 0 · References: 3

CNNVD
added 2022/10/11 12:0 a.m. · 3 views

Microsoft Windows Win32K Security Vulnerability

Microsoft Windows Win32k is a system file for Windows multi-user management from Microsoft Corporation USA. Microsoft Windows Win32K has an elevation of privilege vulnerability, which stems from improper privilege assignment in the application and can be exploited by an attacker to cause an...

7.8 CVSS · 7 AI score · 0.0732 EPSS
Exploits: 0 · References: 4

OSV
added 2022/09/30 8:15 p.m. · 1 view

CVE-2022-34429

Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...

7.1 CVSS · 5.8 AI score · 0.00203 EPSS
Exploits: 0 · References: 1

Prion
added 2022/09/28 4:15 a.m. · 14 views

Path traversal

Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete...

7.5 CVSS · 9.5 AI score · 0.01491 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2022/09/28 4:15 a.m. · 16 views

Input validation

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the...

3.2 CVSS · 5.7 AI score · 0.00303 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/09/28 12:0 a.m. · 5 views

PT-2022-24534 · Asus · Armoury Crate Service

Name of the Vulnerable Software and Affected Versions: Armoury Crate Service (affected versions not specified). Description: The issue concerns Armoury Crate Service's logging function, which lacks sufficient validation to check if the log file is a symbolic link. This allows a physical attacker wit...

5.9 CVSS · 5.5 AI score · 0.00303 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2022/09/26 12:4 p.m. · 5 views

CVE-2022-40925

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "saveevent" file of the "Events" module in the background management system...

7.1 AI score · 0.00929 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2022/09/14 12:0 a.m. · 3 views

PT-2022-23536 · Unknown · Garage Management System

Name of the Vulnerable Software and Affected Versions: Garage Management System version 1.0. Description: The issue is related to a lack of filtering in the file upload function, allowing an attacker to upload a PHP Reverse Shell and gain Remote Code Execution (RCE) during the process of adding part...

8.8 CVSS · 9 AI score · 0.24358 EPSS
Exploits: 2 · References: 5

ATTACKERKB
added 2022/09/13 11:15 p.m. · 0 views

CVE-2022-37191

The component "cuppa/api/index.php" of CuppaCMS v1.0 is vulnerable to LFI. An authenticated user can read system files via crafted POST request using function parameter value as LFI payload...

6.5 CVSS · 6.6 AI score · 0.02497 EPSS
Exploits: 1 · References: 3

OSV
added 2022/09/08 11:15 a.m. · 2 views

CVE-2022-27593

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...

9.1 CVSS · 5.7 AI score · 0.87908 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2022/09/06 6:15 p.m. · 2 views

CVE-2022-30298

An improper privilege management vulnerability CWE-269 in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...

7.8 CVSS · 7.3 AI score · 0.00202 EPSS
Exploits: 0 · References: 2

CNNVD
added 2022/09/06 12:0 a.m. · 3 views

Fortinet FortiADC Security Vulnerability

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. Fortinet FortiADC is vulnerable to an authorization issue, which stems from improper privilege management. An attacker could exploit the vulnerability to modify system files using a shell...

6.5 CVSS · 6.9 AI score · 0.00443 EPSS
Exploits: 0 · References: 2

NCSC
added 2022/08/26 12:0 a.m. · 7 views

Vulnerabilities fixed in Nessus Agent

Tenable has fixed two vulnerabilities in Nessus Agent. An authenticated malicious person with the ability and knowledge to create custom audit files could exploit the vulnerabilities to execute code with administrator privileges, or to gain access to arbitrary system files of the underlying...

9 CVSS · 7.3 AI score · 0.01247 EPSS
Exploits: 0

Patchstack
added 2022/08/08 12:0 a.m. · 19 views

WordPress Export All URLs plugin <= 4.3 - Authenticated Arbitrary System File Removal vulnerability

Authenticated Arbitrary System File Removal vulnerability discovered by Raad Haddad in WordPress Export All URLs plugin versions <= 4.3. Solution: Update the WordPress Export All URLs plugin to the latest available version (at least 4.4)...

6.5 CVSS · 2 AI score · 0.00916 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/06/20 12:0 a.m. · 5 views

CVE-2022-31062 Unauthenticated Local File Inclusion

Impact: A plugin public script can be used to read content of system files. Patches: Upgrade to version 1.0.2. Workarounds: b/deploy/index.php file can be deleted if deploy feature is not used...

5.3 CVSS · 5.2 AI score · 0.05497 EPSS
Exploits: 3 · References: 2

OSV
added 2022/06/16 10:15 p.m. · 1 view

CVE-2022-33739

CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system...

7.5 CVSS · 7.2 AI score · 0.0115 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2022/06/15 6:48 p.m. · 10 views

CVE-2022-31219 Drive Composer Link Following Local Privilege Escalation Vulnerability

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation o...

7.3 CVSS · 7.6 AI score · 0.00303 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2022/06/03 12:0 a.m. · 4 views

PT-2022-11735 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5215. Description: The issue concerns a remote command injection vulnerability. This vulnerability is located in the NTPSyncWithHost function of the system.so file, allowing control over hostTime to launch an...

9.8 CVSS · 9.6 AI score · 0.01876 EPSS
Exploits: 1 · References: 3