2184 matches found
CVE-2024-9924
The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from HGiga remains at risk. Unauthenticated remote attackers can still download arbitrary system files, which may be deleted subsequently...
CVE-2024-9924
CVE-2024-9924 describes an Arbitrary File Read and Delete vulnerability in HGiga OAKlouds. An unauthenticated remote attacker can request specific files and download arbitrary system files, with reports indicating the files may be deleted after download. The issue is connected to CVE-2024-26261, ...
CVE-2024-9923
The CVE-2024-9923 vulnerability affects Team+ by TEAMPLUS TECHNOLOGY (Team+ 13.5.x) and stems from improper validation of a specific page parameter, enabling a remote attacker with administrator privileges to move arbitrary system files to the website root and access them. This is a path-traversa...
CVE-2024-9923 TEAMPLUS TECHNOLOGY Team+ - Arbitrary File Move through Path Traversal
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them...
CVE-2024-9922
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files...
Amazon Linux 2023 : clamav, clamav-data, clamav-devel (ALAS2023-2024-737)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-737 advisory. A vulnerability in the PDF parsing module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x...
PT-2024-39937 · Teamplus Technology · Team+
Name of the Vulnerable Software and Affected Versions: Team+ (affected versions not specified). Description: The issue is related to the improper validation of a specific page parameter in Team+ by TEAMPLUS TECHNOLOGY, allowing unauthenticated remote attackers to read arbitrary system files...
CVE-2024-47769
IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement...
CVE-2024-47769 IDURAR has a Path Traversal (unauthenticated user can read sensitive data)
IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement...
CVE-2024-47769
Summary: CVE-2024-47769 affects IDURAR, an open-source ERP/CRM. The vulnerability is in corePublicRouter.js where a public endpoint is accessible to unauthenticated users and user input is directly appended to a join statement, enabling a URL-encoded payload to be processed. This can allow an att...
New Linux Malware ‘Perfctl’ Targets Millions by Mimicking System Files
New Linux malware 'Perfctl' is targeting millions worldwide, mimicking system files to evade detection. This sophisticated malware compromises…...
Amazon Linux 2 : clamav (ALAS-2024-2644)
The version of clamav installed on the remote host is prior to 0.103.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2644 advisory. A vulnerability in the PDF parsing module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x...
CVE-2024-47071
OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4...
CVE-2024-47071 OSS Endpoint Manager allows unauthorized access to read system files
OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4...
PT-2024-32389 · Unknown · Oss Endpoint Manager
Name of the Vulnerable Software and Affected Versions: OSS Endpoint Manager versions prior to 14.0.4. Description: The OSS Endpoint Manager module for FreePBX has an issue where its activation can allow authenticated web users to read system files without permission, using the permissions of the...
OSS Endpoint Manager Path Traversal Vulnerability
OSS Endpoint Manager is an open source contributed module for FreePBX. A path traversal vulnerability exists in OSS Endpoint Manager version 14.0.3 and prior versions, which allows an authenticated web user unauthorized access to read system files with the...
MacTaggart Scott: Overwrite any file of the web server
The web server was vulnerable to file overwrite due to a vulnerable module used to generate files. An attacker could have overwritten any file on the web server, including critical system files, by sending a specially crafted request...