CVE-2023-25396

Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files...

Directory Traversal

serve-lite is vulnerable to Directory Traversal. The vulnerability is due to a a lack of input sanitization in the req.url parameter which is passed as-is to the path.join function, allowing a remote attacker to access system files and retrieve confidential information via malicious input...

CVE-2022-39059

ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...

CVE-2022-39059

ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...

Path traversal

ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...

CVE-2022-39059

CVE-2022-39059 affects ChangingTech MegaServiSignAdapter. The file-reading function has a path traversal vulnerability that can be exploited by an unauthenticated remote attacker to read arbitrary system files. CVSSv3.1 base score 7.5 (HIGH); attack vector NETWORK, complexity LOW, privileges NONE...

Changingtec ServiSign 路径遍历漏洞

Changingtec ServiSign is a system from Changingtec Taiwan, China. The system provides a cross-platform solution for digital signatures and authentication. A path traversal vulnerability exists in the ChangingTech MegaServiSignAdapter, which stems from its file reading feature that allows an...

CVE-2022-39059 ChangingTec MegaServiSignAdapter - Path Traversal

ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...

CVE-2022-46331

An unauthorized user could possibly delete any file on the system...

CVE-2022-46309

Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files...

CVE-2022-46305

ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files...

CVE-2022-46309

Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files...

CVE-2022-39040

aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

Path traversal

ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files...

CVE-2022-39040 aEnrich a+HRD - Path Traversal

aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

ServiSign 路径遍历漏洞

Changingtec ServiSign is a system from Changingtec Taiwan, China. The system provides a cross-platform solution for digital signatures and verification. A security vulnerability exists in ServiSign. An attacker could exploit the vulnerability to bypass authentication and access arbitrary system...

Galaxy Software Services Vitals ESP 路径遍历漏洞

Galaxy Software Services Vitals ESP is a Knowledge Management System KMS for office use from Galaxy Software Services, a company based in China. A security vulnerability exists in Galaxy Software Services Vitals ESP due to a path traversal vulnerability in the upload function. The vulnerability c...

CVE-2022-46309 Galaxy Software Services Corporation. Vitals ESP - Arbitrary Path File Reading

Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files...

PT-2023-14906 · Unknown · Vitals Esp

Name of the Vulnerable Software and Affected Versions: Vitals ESP affected versions not specified Description: The Vitals ESP upload function has a path traversal issue. A remote attacker with general user privileges can exploit this to access arbitrary system files. Recommendations: At the momen...

CVE-2022-46309

CVE-2022-46309 stems from a path traversal vulnerability in the Vitals ESP upload function of Galaxy Software Services’ Vitals ESP (a Knowledge Management System). The vulnerability can be exploited by a remote attacker with general user privileges to read arbitrary system files, as described in ...