Lucene search
K

254 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 6:50 a.m.7 views

CVE-2024-50420

Unrestricted Upload of File with Dangerous Type vulnerability in aDirectory aDirectory adirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through = 1.3...

10CVSS5.9AI score0.00501EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:51 a.m.7 views

CVE-2024-49669

Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official ink-official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through = 4.1.2...

9.9CVSS5.9AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:27 a.m.3 views

CVE-2024-9005

CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server...

7.3CVSS7AI score0.00328EPSS
Exploits0References1
NVD
NVD
added 2025/02/04 3:15 p.m.12 views

CVE-2024-9644

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...

9.8CVSS0.00644EPSS
Exploits0References1
NVD
NVD
added 2024/12/06 2:15 p.m.18 views

CVE-2024-54214

Unrestricted Upload of File with Dangerous Type vulnerability in roninwp Revy revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through = 1.18...

10CVSS0.00671EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2024/11/01 7:0 a.m.4 views

cgi.force_redirect configuration is bypassable due to the environment variable collision

...

7.5CVSS7.1AI score0.01077EPSS
Exploits1
Cvelist
Cvelist
added 2024/10/21 4:12 p.m.22 views

CVE-2024-49366 Nginx UI's json field can construct a directory traversal payload, causing arbitrary files to be written

Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value value in the form of ../../. Arbitrary files can be written to the server, which may result in loss of permissions...

8.7CVSS0.00579EPSS
Exploits1References2
CNVD
CNVD
added 2024/08/14 12:0 a.m.10 views

Siemens SCALANCE M-800 Series Configuration Error Vulnerability

SCALANCE M-800, MUM-800, S615, RUGGEDCOM RM1224 are all industrial routers. A misconfiguration vulnerability exists in the Siemens SCALANCE M-800 series that stems from not properly enforcing isolation between user sessions in its web server component, which can be exploited by an authenticated,...

8CVSS6.6AI score0.00417EPSS
Exploits0References1
OSV
OSV
added 2024/08/07 11:4 p.m.8 views

CVE-2024-6707 Open WebUI Arbitrary File Upload + Path Traversal

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability...

7.5CVSS7.3AI score0.01003EPSS
Exploits3References6
CVE
CVE
added 2024/02/05 9:2 a.m.61 views

CVE-2021-4436

The CVE-2021-4436 entry corresponds to the WordPress plugin 3DPrint Lite, affected versions prior to 1.9.1.5. The vulnerability is an unauthenticated arbitrary file upload via the p3dlite_handle_upload AJAX action, caused by missing authorization and file validation. The presence of a .htaccess d...

9.8CVSS9.5AI score0.06646EPSS
Exploits2References1Affected Software1
RedHat Linux
RedHat Linux
added 2023/12/07 1:55 p.m.9 views

httpd: Apache Tomcat Connectors (mod_jk) Information Disclosure

A vulnerability was found in Apache Tomcat Connectors modjk. Affected versions of this package are vulnerable to information exposure in the modjk component. This flaw allows an attacker to exploit the implicit mapping functionality, resulting in the unintended exposure of the status worker and...

7.5CVSS5.8AI score0.01257EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/10/26 12:0 a.m.19 views

CVE-2023-45867

ILIAS 2013-09-12 release contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential fil...

7.3AI score0.00893EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/10/26 12:0 a.m.14 views

CVE-2023-45867

ILIAS 2013-09-12 release contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential fil...

6.4AI score0.00893EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/04/26 12:0 a.m.9 views

CVE-2022-25277

Drupal core sanitizes filenames with dangerous extensions upon upload reference: SA-CORE-2020-012 and strips leading and trailing dots from filenames to prevent uploading server configuration files reference: SA-CORE-2019-010. However, the protections for these two vulnerabilities previously did...

7.5AI score0.01422EPSS
Exploits0References1
CNVD
CNVD
added 2023/04/16 12:0 a.m.11 views

Denial of Service Vulnerability in Multiple Siemens Products (CNVD-2023-35759)

Siemens SIMATIC IPC DiagMonitor is a suite of system monitoring and troubleshooting software from Siemens, Germany.The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect SIMATIC S7-1200 controllers to a wide area network WAN. They provide integrated security features such as...

7.5CVSS7AI score0.00954EPSS
Exploits0References1
Hacker One
Hacker One
added 2023/04/15 6:35 p.m.30 views

Mars: Information Exposure Through Directory Listing

The vulnerability allowed an attacker to view the directory contents of the web server, leading to information disclosure. The directory listing function was not properly configured, exposing sensitive information...

6.5AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/04/13 11:30 a.m.17 views

Anarchy in the UK? Not Quite: A look at the cyber health of the FTSE 350

The attack surface of the United Kingdom's 350 largest publicly traded companies has—drum roll, please—improved. But it could be better. Those are the high level findings of the latest in Rapid7's looks at the cybersecurity health of companies tied to some of the globe's largest stock indices. Th...

6.4AI score
Exploits0
Huntr
Huntr
added 2022/11/07 3:22 p.m.11 views

froxlor/froxlor <= 0.10.38.2 - Authenticated Unrestricted File Upload to RCE

Description Unsafe file uploads occur when the web server fails to sufficiently validate the file’s size, type, name, contents, or what restrictions are placed on the file once it has been successfully uploaded. The application fails to validate files that are uploaded, allowing an attacker to...

8.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/10/27 12:0 a.m.48 views

CVE-2022-0073

Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS7AI score0.08663EPSS
In wildExploits1References3
Wordfence Blog
Wordfence Blog
added 2022/10/26 4:0 p.m.21 views

What Does The Fox Hack? Breaking Down the Anonymous Fox F-Automatical Script

While performing routine security research, one of our threat analysts discovered the latest version of a Command and Control C2 script, which is referred to as F-Automatical within the script’s code and was commonly known as FoxAuto in older versions. This is the seventh version of this automati...

7.8AI score
Exploits0
Rows per page
Query Builder