2184 matches found

Prion
added 2023/11/28 3:15 a.m. | 19 views

Privilege escalation

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device...

CVSS: 1.7 | AI score: 6.9 | EPSS: 0.00218
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2023/11/28 2:15 a.m. | 2 views

CVE-2023-37925

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37,...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00218
Exploits: 0 | References: 1

NVD
added 2023/11/28 2:15 a.m. | 15 views

CVE-2023-37925

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37,...

CVSS: 5.5 | EPSS: 0.00218
Exploits: 0 | References: 1

Prion
added 2023/11/28 2:15 a.m. | 23 views

Privilege escalation

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37,...

CVSS: 1.7 | AI score: 7.1 | EPSS: 0.00218
Exploits: 0 | References: 1 | Affected Software: 20

Cvelist
added 2023/11/28 2:5 a.m. | 24 views

CVE-2023-5960

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00218
Exploits: 0 | References: 1

VulnCheck KEV
added 2023/11/28 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2023-28770

The sensitive information exposure vulnerability in the CGI “ExportLog” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.57778
Exploits: 2 | References: 1

CNNVD
added 2023/11/28 12:0 a.m. | 4 views

Zyxel USG FLEX Security Vulnerability

Zyxel USG FLEX is a firewall from China Hopkins Zyxel. Offering flexible VPN options IPsec, SSL or L2TP, it provides flexible and secure remote access for remote work and management. A security vulnerability exists in Zyxel USG FLEX series firmware versions 4.50 to 5.37, VPN series firmware...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00218
Exploits: 0 | References: 1

NVD
added 2023/11/27 10:15 p.m. | 23 views

CVE-2023-5885

The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users...

CVSS: 6.5 | EPSS: 0.01103
Exploits: 0 | References: 3

Cvelist
added 2023/11/27 9:48 p.m. | 28 views

CVE-2023-5885 Franklin Electric Fueling Systems Colibri Path Traversal

The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.01103
Exploits: 0 | References: 3

Positive Technologies
added 2023/11/27 12:0 a.m. | 2 views

PT-2023-32394 · Unknown · Ffs Colibri

Name of the Vulnerable Software and Affected Versions: FFS Colibri (affected versions not specified)
Description: The issue allows a remote user to access files on the system, including files that contain login credentials for other users.
Recommendations: At the moment, there is no information abo...

CVSS: 6.5 | AI score: 7 | EPSS: 0.01103
Exploits: 0 | References: 6

OSV
added 2023/11/22 1:15 a.m. | 1 views

CVE-2023-5299

A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00484
Exploits: 0 | References: 2

NVD
added 2023/11/21 7:15 a.m. | 16 views

CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

CVSS: 7.1 | EPSS: 0.00668
Exploits: 0 | References: 1

Prion
added 2023/11/21 7:15 a.m. | 18 views

Path traversal

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00668
Exploits: 0 | References: 1 | Affected Software: 4

Cvelist
added 2023/11/21 6:56 a.m. | 12 views

CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

CVSS: 7.1 | AI score: 7.1 | EPSS: 0.00668
Exploits: 0 | References: 1

Cvelist
added 2023/11/21 6:53 a.m. | 21 views

CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service...

CVSS: 7.1 | AI score: 7 | EPSS: 0.00668
Exploits: 0 | References: 1

WPVulnDB
added 2023/11/20 12:0 a.m. | 20 views

File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal

Description: The plugin does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites...

CVSS: 6.5 | AI score: 9.3 | EPSS: 0.0085
Exploits: 2 | References: 1 | Affected Software: 1

OSV
added 2023/11/15 5:15 p.m. | 2 views

CVE-2023-34982

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00219
Exploits: 0 | References: 2

CNNVD
added 2023/11/15 12:0 a.m. | 3 views

AVEVA Operations Control Logger Security Vulnerability

AVEVA Operations Control Logger is a control center for the UK's Jianwei Software AVEVA. It provides access across local and cloud applications. A security vulnerability exists in AVEVA Operations Control Logger that originates from a denial of service by allowing an authenticated user to delete...

CVSS: 7.1 | AI score: 6.3 | EPSS: 0.00219
Exploits: 0 | References: 3

Cvelist
added 2023/11/06 1:25 a.m. | 23 views

CVE-2023-46802

e-Tax software Version 3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...

AI score: 5.7 | EPSS: 0.00195
Exploits: 0 | References: 2

Positive Technologies
added 2023/11/06 12:0 a.m. | 3 views

PT-2023-7252 · Zyxel · Zyxel Vpn +1

Name of the Vulnerable Software and Affected Versions: Zyxel USG FLEX series firmware versions 4.50 through 5.37; Zyxel VPN series firmware versions 4.30 through 5.37
Description: The issue is related to improper privilege management in the hotspot feature of the affected devices. This could allow...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00218
Exploits: 0 | References: 6