CVE-2024-4956
Affected product: Sonatype Nexus Repository 3. Vulnerability: Path Traversal (CWE-22) allowing an unauthenticated attacker to read system files. Root cause / details: Unauthenticated path traversal in Nexus Repository 3 enables access to sensitive files; fixed in version 3.68.1. Impact (as stated...
GHSA-7GWJ-7FHM-VW4W Drupal core unrestricted file upload
Drupal 8 core's file_save_upload function does not strip the leading and trailing dot '.' from filenames, like Drupal 7 did. Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to...
CVE-2024-4357
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, that allows a low-privilege attacker to read system files via XML External Entity Processing...
CVE-2024-31475
There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI, Aruba's access point management protocol. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to...
CVE-2024-0100
NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system files. A successful exploit of this vulnerability might lead to denial of service and data tampering...
ROS-20240507-06
A vulnerability in the xdg-desktop-portal interface of the Flatpak application and environment management tool is related to the injection or modification of arguments. Exploitation of the vulnerability could allow an attacker to exit an isolated program environment and access files on the...
CVE-2024-28072 Arbitrary File Overwrite Vulnerability
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly...
Zscaler Client Connector security vulnerability
Zscaler Client Connector is an application from Zscaler that is installed on a device to ensure that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A...
CVE-2023-50915
CVE-2023-50915 affects GOG Galaxy (Beta) 2.0.67.2–2.0.71.2. The issue exists in GalaxyClientService.exe and could allow an authenticated user to overwrite and corrupt critical system files by abusing a combination of an NTFS Junction and an RPC Object Manager symbolic link, potentially leading to...
CVE-2023-50915
An issue exists in GalaxyClientService.exe in GOG Galaxy Beta 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a denial of service...
CVE-2024-4297
The system configuration interface of HGiga iSherlock including MailSherlock, SpamSherlock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files...
CVE-2024-4296
The account management interface of HGiga iSherlock including MailSherlock, SpamSherlock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files...
CVE-2024-4296 HGiga iSherlock - Arbitrary File Download
The account management interface of HGiga iSherlock including MailSherlock, SpamSherlock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files...
CVE-2024-4296
The CVE-2024-4296 entry concerns HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock). The vulnerability arises from inadequate filtering of special characters in certain function parameters in the account management interface, enabling remote attackers with administrative privil...
HGiga iSherlock path traversal vulnerability
HGiga iSherlock is a series of software products from China's Henderson Technology HGiga. A path traversal vulnerability exists in HGiga iSherlock. An attacker can exploit this vulnerability to download arbitrary system files...
Privilege Escalation
github.com/kubevirt/kubevirt/ is vulnerable to Privilege Escalation. This vulnerability arises due to insufficient access controls, enabling an attacker to assume the privileges of the VM process on the host system. Consequently, attackers could potentially read and modify any file on the system...
Dell Repository Manager input validation error vulnerability
Dell Repository Manager is a software suite from Dell USA that ensures that Dell PowerEdge servers have the latest BIOS, drivers, firmware, and software. A directory traversal vulnerability exists in the Dell Repository Manager logger module, which can be exploited by a local attacker t...
The vulnerability of the cross-platform FTP server CrushFTP’s web interface allows a hacker to gain access to the virtual file system and system files.
The vulnerability of the cross-platform FTP server CrushFTP lies in errors related to privilege management. Exploiting this vulnerability allows a malicious actor to gain access to system files by escaping the virtual file system remotely...
Navigating the EU NIS2 Directive: How Qualys Cybersecurity Solutions Ensure Compliance
The European Union's revised Network and Information Security (NIS2) Directive is a comprehensive cybersecurity regulation aimed at bolstering the resilience of critical entities and essential services across the EU. As organizations grapple with...
Server-Side Request Forgery (SSRF)
mautic/core is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to a flaw in the Asset section; an authenticated user could read system files and access the internal addresses of the application...