Lucene search
+L

119 matches found

Positive Technologies
Positive Technologies
added 2022/08/17 12:0 a.m.6 views

PT-2022-16251 · Webcube · Webcube

Name of the Vulnerable Software and Affected Versions: WebCube affected versions not specified Description: The issue arises from insufficient verification procedures for downloaded files during the WebCube update process. This allows remote attackers to bypass the verification logic, enabling th...

9.8CVSS9.7AI score0.00548EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/07/22 2:58 p.m.19 views

CVE-2022-2139 Advantech iView

The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code...

6.5CVSS9.8AI score0.14828EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/07/18 4:35 p.m.25 views

CVE-2022-30301

A path traversal vulnerability CWE-22 in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands...

7.8CVSS7.7AI score0.00232EPSS
Exploits0References1
Fortinet
Fortinet
added 2022/06/07 12:0 a.m.51 views

FortiAP-U - Relative path traversal vulnerability in CLI

A path traversal vulnerability CWE-22 in FortiAP-U CLI may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands...

4CVSS6.5AI score0.00232EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2021/10/10 12:0 a.m.34 views

IBM Sterling B2B Integrator Input Validation Error Vulnerability

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. IBM Sterling B2B Integrator Standard Edition prior to...

5.4CVSS2.7AI score0.00557EPSS
Exploits0References1
OSV
OSV
added 2021/10/06 5:15 p.m.3 views

CVE-2021-29760

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213...

4.3CVSS6.1AI score0.00557EPSS
Exploits0References2
NVD
NVD
added 2021/10/06 5:15 p.m.25 views

CVE-2021-29760

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213...

5.4CVSS0.00557EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/10/06 5:10 p.m.23 views

CVE-2021-29760

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213...

5.4CVSS4.5AI score0.00557EPSS
Exploits0References2
NVD
NVD
added 2021/09/17 2:15 a.m.12 views

CVE-2021-20791

Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors...

9.3CVSS0.00842EPSS
Exploits0References2
CNVD
CNVD
added 2021/08/06 12:0 a.m.17 views

Advantech WebAccess/SCADA Path Traversal Vulnerability (CNVD-2021-59235)

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech WebAccess/SCADA, which stems from the product's failure to add access rights to input data. An attacker could use the vulnerability ...

6.5CVSS6.3AI score0.01089EPSS
Exploits0References1
OSV
OSV
added 2021/08/05 11:15 a.m.3 views

CVE-2021-32603

A server-side request forgery SSRF CWE-918 vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted...

6.5CVSS5.8AI score0.00668EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/08/05 11:15 a.m.2 views

CVE-2021-32603

A server-side request forgery SSRF CWE-918 vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted...

8.8CVSS6.8AI score0.00668EPSS
Exploits0References2
NCSC
NCSC
added 2021/08/04 12:0 a.m.6 views

Vulnerability fixed in FortiManager and FortiAnalyzer

A server-side request forgery SSRF vulnerability in FortiManager and FortiAnalyser GUI could allow a remote attacker to gain access to unauthorized files and services on the system via specially designed web requests. Fortinet has released updates to fix the vulnerability. More information can be...

8.8CVSS6.7AI score0.00668EPSS
Exploits0
OSV
OSV
added 2021/04/14 8:4 p.m.49 views

GO-2020-0033 Path Traversal in aahframe.work

Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...

7.5CVSS7.3AI score0.01143EPSS
Exploits0References3
Hacker One
Hacker One
added 2020/08/28 11:38 a.m.12 views

LY Corporation: Developer uploaded files missing authentication on LINE GAME Developers site(gdc.game.line.me)

IDOR vulnerability at gdc.game.line.me allowed unauthenticated users to perform brute-force attacks to disclose unauthorized files related to service testing and QA...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/10/17 2:54 p.m.3 views

thrift: Improper Access Control grants access to files outside the webservers docroot path

A flaw was found in the Node.js static web server in Apache Thrift, where it allowed a remote user to access files outside of the set web servers' docroot path. An attacker could use this flaw to possibly access unauthorized files and sensitive information...

6.5CVSS7.4AI score0.04875EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/06/18 7:52 p.m.5 views

thrift: Improper Access Control grants access to files outside the webservers docroot path

A flaw was found in the Node.js static web server in Apache Thrift, where it allowed a remote user to access files outside of the set web servers' docroot path. An attacker could use this flaw to possibly access unauthorized files and sensitive information...

6.5CVSS7.4AI score0.04875EPSS
Exploits0References4
Prion
Prion
added 2019/03/27 2:29 p.m.12 views

Authentication flaw

PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors...

4CVSS6.2AI score0.01336EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2019/03/27 2:29 p.m.19 views

CVE-2018-16207

PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors...

6.5CVSS6.3AI score0.01336EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/03/27 1:17 p.m.19 views

CVE-2018-16207

PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors...

6.3AI score0.01336EPSS
Exploits0References3
Rows per page
Query Builder