Lucene search
K

300 matches found

Prion
Prion
added 2023/04/19 3:15 p.m.16 views

Design/Logic Flaw

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control...

4CVSS6.5AI score0.00317EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/19 12:0 a.m.6 views

PT-2023-22325 · Codesector · Teracopy

Name of the Vulnerable Software and Affected Versions: Code Sector TeraCopy version 3.9.7 Description: The issue arises from improper access validation on the source folder during a copy operation, leading to Arbitrary File Read. This allows any user to copy any directory in the system to a...

5.5CVSS6.8AI score0.00317EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2023/04/19 12:0 a.m.8 views

CVE-2023-29586

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can...

5.7AI score0.00317EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/04/19 12:0 a.m.37 views

CVE-2023-29586

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can...

6.7AI score0.00317EPSS
Exploits0References4
CVE
CVE
added 2023/04/19 12:0 a.m.44 views

CVE-2023-29586

Code Sector TeraCopy 3.9.7 is affected by an improper access validation on the source folder during copy, causing Arbitrary File Read. The vulnerability allows a user to copy any directory in the system to a directory they control, with a Local attack vector and Medium severity (CVSS base 5.5) as...

5.5CVSS5.9AI score0.00317EPSS
Exploits0References4Affected Software1
Packet Storm
Packet Storm
added 2023/04/06 12:0 a.m.283 views

Mitel MiCollab AWV 8.1.2.4 / 9.1.3 Directory Traversal / LFI

Exploit Title: Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI Date: 2022-10-14 Fix Date: 2020-05 Exploit Author: Kahvi-0 Github: https://github.com/Kahvi-0 Vendor Homepage: https://www.mitel.com/ Vendor Security Advisory:...

5.3CVSS5.6AI score0.45241EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.244 views

Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI

Exploit Title: Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI Date: 2022-10-14 Fix Date: 2020-05 Exploit Author: Kahvi-0 Github: https://github.com/Kahvi-0 Vendor Homepage: https://www.mitel.com/ Vendor Security Advisory:...

5.3CVSS5.3AI score0.45241EPSS
Exploits3
Github Security Blog
Github Security Blog
added 2023/02/02 7:26 p.m.31 views

wallabag contains Improper Authorization via export feature

Description The export feature lets a user export a single entry or a set of entries in a given format e.g. PDF, MOBI, TXT. For example, https://yourinstance.wallabag.org/export/45.pdf will export the entry with id 45 in PDF format. Since wallabag 2.0.0-alpha.1, this feature is vulnerable to an...

6.5CVSS4.7AI score0.00637EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2022/12/23 3:15 p.m.29 views

CVE-2022-44565

An improper access validation vulnerability exists in airMAX AC 8.7.11, airFiber 60/LR 2.6.2, airFiber 60 XG/HD v1.0.0 and airFiber GBE 1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device...

5.3CVSS0.00427EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/12/23 12:0 a.m.15 views

CVE-2022-44565

An improper access validation vulnerability exists in airMAX AC 8.7.11, airFiber 60/LR 2.6.2, airFiber 60 XG/HD v1.0.0 and airFiber GBE 1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device...

7AI score0.00427EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/12/23 12:0 a.m.29 views

CVE-2022-44565

An improper access validation vulnerability exists in airMAX AC 8.7.11, airFiber 60/LR 2.6.2, airFiber 60 XG/HD v1.0.0 and airFiber GBE 1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device...

5.5AI score0.00427EPSS
Exploits0References1
CVE
CVE
added 2022/12/23 12:0 a.m.64 views

CVE-2022-44565

The CVE-2022-44565 issue is an improper access validation vulnerability affecting Ubiquiti airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <1.0.0, and airFiber GBE

5.3CVSS5.2AI score0.00427EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2022/11/10 12:28 a.m.18 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to Denial of Service. The vulnerability exists because of missing validate network access via multiple protocols which allows an attacker to cause an application crash via malicious input...

4.9CVSS5.9AI score0.0136EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2022/09/13 5:15 p.m.12 views

Input validation

Talos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR certificate signing request Talos control plane node might issue Talos API...

6.5CVSS8.4AI score0.00533EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/06/23 5:15 p.m.12 views

CVE-2022-32536

The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights...

9CVSS0.0097EPSS
Exploits0References1
Prion
Prion
added 2022/06/23 5:15 p.m.11 views

Design/Logic Flaw

The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights...

9CVSS8.4AI score0.0097EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2022/04/12 12:0 a.m.40 views

Samsung Members Access Control Error Vulnerability

Samsung Members is a community platform app from Samsung South Korea, Inc. An access control error vulnerability exists in versions prior to Samsung Members 13.6.08.5, which stems from a lack of proper access validation logic. A local attacker could exploit the vulnerability to execute the call...

4.3CVSS5.3AI score0.00238EPSS
Exploits0References1
Veracode
Veracode
added 2022/03/12 8:24 a.m.17 views

Information Disclosure

spip is vulnerable to information disclosure. The vulnerability exists due to a lack of validation of access allowing an attacker to access information about editorial objects...

5.3CVSS3AI score0.01331EPSS
Exploits0References5Affected Software2
Veracode
Veracode
added 2022/03/10 4:23 a.m.46 views

Remote Code Execution (RCE)

firefox is vulnerable to remote code execution. The vulnerability exists due to a lack of validation of access allowing and attacker to control the contents of an iframe sandboxed with allow-popups but not allow-scripts...

9.6CVSS4.7AI score0.00931EPSS
Exploits1References6Affected Software6
Veracode
Veracode
added 2022/03/10 12:42 a.m.29 views

Privilege Escalation

mysql-connector-java is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of access allowing an attacker to compromise MySQL Connectors...

5.9CVSS6.6AI score0.07318EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder