Uniong WebITR Security Vulnerability
Uniong WebITR is an online time and attendance system from China Kaifa Uniong. A security vulnerability exists in Uniong WebITR that stems from vulnerability to absolute path traversal attacks, which could lead to a remote attacker downloading arbitrary system files...
WebITR Security Vulnerability
WebITR is a poor attendance system from WebITR Corporation of Taiwan, China. A security vulnerability exists in WebITR that stems from vulnerability to absolute path traversal attacks, which could lead to a remote attacker downloading arbitrary system files...
PT-2025-34346 · Uniong · Webitr
Name of the Vulnerable Software and Affected Versions: WebITR (affected versions not specified). Description: WebITR developed by Uniong has an Arbitrary File Reading vulnerability. This allows remote attackers with regular privileges to exploit Absolute Path Traversal and download arbitrary system...
CVE-2025-20251
A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying operating system. If...
CVE-2025-20251
CVE-2025-20251 affects Cisco Secure Firewall ASA/FTD VPN Web Server: authenticated remote attacker can use crafted HTTP requests to create or delete arbitrary files on the OS due to insufficient input validation, potentially dropping VPN sessions and causing DoS; device reboot may be required. Ex...
CVE-2025-20148 Cisco Secure Firewall Management Center HTML Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...
CVE-2025-42946
Due to directory traversal vulnerability in SAP S/4HANA Bank Communication Management, an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This could allow the attacke...
CVE-2025-34154 UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path...
CVE-2025-8912 WellChoose|Organization Portal System - Arbitrary File Reading through Path Traversal
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...
CVE-2025-8909 WellChoose|Organization Portal System - Arbitrary File Reading through Path Traversal
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...
CVE-2025-42946
CVE-2025-42946 is a directory traversal vulnerability in SAP S/4HANA Bank Communication Management. An attacker with high privileges and access to a specific transaction/method could read or delete sensitive operating-system files, causing high confidentiality impact and low integrity impact; ava...
CVE-2025-42946 Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management)
Due to directory traversal vulnerability in SAP S/4HANA Bank Communication Management, an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This could allow the attacke...
PT-2025-32607 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA Bank Communication Management (affected versions not specified). Description: A directory traversal issue exists in SAP S/4HANA Bank Communication Management. An attacker with elevated privileges and access to a specific transaction...
Directory Traversal
Overview: pyload-ng is the free and open-source download manager written in pure Python. Affected versions of this package are vulnerable to Directory Traversal via the addcrypted endpoint when processing the package parameter. An attacker can achieve arbitrary file write and execute malicious co...
CVE-2025-43247
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app with root privileges may be able to modify the contents of system files...
Unspecified Vulnerability in Apple macOS (CNVD-2025-18457)
Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS has a security vulnerability that can be exploited by attackers to modify the contents of system files...