119 matches found
PT-2022-16251 · Webcube · Webcube
Name of the Vulnerable Software and Affected Versions: WebCube affected versions not specified Description: The issue arises from insufficient verification procedures for downloaded files during the WebCube update process. This allows remote attackers to bypass the verification logic, enabling th...
CVE-2022-2139 Advantech iView
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code...
CVE-2022-30301
A path traversal vulnerability CWE-22 in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands...
FortiAP-U - Relative path traversal vulnerability in CLI
A path traversal vulnerability CWE-22 in FortiAP-U CLI may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands...
IBM Sterling B2B Integrator Input Validation Error Vulnerability
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. IBM Sterling B2B Integrator Standard Edition prior to...
CVE-2021-29760
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213...
CVE-2021-29760
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213...
CVE-2021-29760
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213...
CVE-2021-20791
Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors...
Advantech WebAccess/SCADA Path Traversal Vulnerability (CNVD-2021-59235)
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech WebAccess/SCADA, which stems from the product's failure to add access rights to input data. An attacker could use the vulnerability ...
CVE-2021-32603
A server-side request forgery SSRF CWE-918 vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted...
CVE-2021-32603
A server-side request forgery SSRF CWE-918 vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted...
Vulnerability fixed in FortiManager and FortiAnalyzer
A server-side request forgery SSRF vulnerability in FortiManager and FortiAnalyser GUI could allow a remote attacker to gain access to unauthorized files and services on the system via specially designed web requests. Fortinet has released updates to fix the vulnerability. More information can be...
GO-2020-0033 Path Traversal in aahframe.work
Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
LY Corporation: Developer uploaded files missing authentication on LINE GAME Developers site(gdc.game.line.me)
IDOR vulnerability at gdc.game.line.me allowed unauthenticated users to perform brute-force attacks to disclose unauthorized files related to service testing and QA...
thrift: Improper Access Control grants access to files outside the webservers docroot path
A flaw was found in the Node.js static web server in Apache Thrift, where it allowed a remote user to access files outside of the set web servers' docroot path. An attacker could use this flaw to possibly access unauthorized files and sensitive information...
thrift: Improper Access Control grants access to files outside the webservers docroot path
A flaw was found in the Node.js static web server in Apache Thrift, where it allowed a remote user to access files outside of the set web servers' docroot path. An attacker could use this flaw to possibly access unauthorized files and sensitive information...
Authentication flaw
PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors...
CVE-2018-16207
PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors...
CVE-2018-16207
PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors...