300 matches found
Design/Logic Flaw
Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control...
PT-2023-22325 · Codesector · Teracopy
Name of the Vulnerable Software and Affected Versions: Code Sector TeraCopy version 3.9.7 Description: The issue arises from improper access validation on the source folder during a copy operation, leading to Arbitrary File Read. This allows any user to copy any directory in the system to a...
CVE-2023-29586
Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can...
CVE-2023-29586
Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can...
CVE-2023-29586
Code Sector TeraCopy 3.9.7 is affected by an improper access validation on the source folder during copy, causing Arbitrary File Read. The vulnerability allows a user to copy any directory in the system to a directory they control, with a Local attack vector and Medium severity (CVSS base 5.5) as...
Mitel MiCollab AWV 8.1.2.4 / 9.1.3 Directory Traversal / LFI
Exploit Title: Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI Date: 2022-10-14 Fix Date: 2020-05 Exploit Author: Kahvi-0 Github: https://github.com/Kahvi-0 Vendor Homepage: https://www.mitel.com/ Vendor Security Advisory:...
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI
Exploit Title: Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI Date: 2022-10-14 Fix Date: 2020-05 Exploit Author: Kahvi-0 Github: https://github.com/Kahvi-0 Vendor Homepage: https://www.mitel.com/ Vendor Security Advisory:...
wallabag contains Improper Authorization via export feature
Description The export feature lets a user export a single entry or a set of entries in a given format e.g. PDF, MOBI, TXT. For example, https://yourinstance.wallabag.org/export/45.pdf will export the entry with id 45 in PDF format. Since wallabag 2.0.0-alpha.1, this feature is vulnerable to an...
CVE-2022-44565
An improper access validation vulnerability exists in airMAX AC 8.7.11, airFiber 60/LR 2.6.2, airFiber 60 XG/HD v1.0.0 and airFiber GBE 1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device...
CVE-2022-44565
An improper access validation vulnerability exists in airMAX AC 8.7.11, airFiber 60/LR 2.6.2, airFiber 60 XG/HD v1.0.0 and airFiber GBE 1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device...
CVE-2022-44565
An improper access validation vulnerability exists in airMAX AC 8.7.11, airFiber 60/LR 2.6.2, airFiber 60 XG/HD v1.0.0 and airFiber GBE 1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device...
CVE-2022-44565
The CVE-2022-44565 issue is an improper access validation vulnerability affecting Ubiquiti airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <1.0.0, and airFiber GBE
Denial Of Service (DoS)
rh-mysql80-mysql is vulnerable to Denial of Service. The vulnerability exists because of missing validate network access via multiple protocols which allows an attacker to cause an application crash via malicious input...
Input validation
Talos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR certificate signing request Talos control plane node might issue Talos API...
CVE-2022-32536
The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights...
Design/Logic Flaw
The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights...
Samsung Members Access Control Error Vulnerability
Samsung Members is a community platform app from Samsung South Korea, Inc. An access control error vulnerability exists in versions prior to Samsung Members 13.6.08.5, which stems from a lack of proper access validation logic. A local attacker could exploit the vulnerability to execute the call...
Information Disclosure
spip is vulnerable to information disclosure. The vulnerability exists due to a lack of validation of access allowing an attacker to access information about editorial objects...
Remote Code Execution (RCE)
firefox is vulnerable to remote code execution. The vulnerability exists due to a lack of validation of access allowing and attacker to control the contents of an iframe sandboxed with allow-popups but not allow-scripts...
Privilege Escalation
mysql-connector-java is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of access allowing an attacker to compromise MySQL Connectors...