12 matches found
CVE-2024-7760
CVE-2024-7760 affects aimhubio/aim (v3.22.0) where the tracking server is vulnerable to Cross‑Site Request Forgery (CSRF) due to overly permissive CORS settings that allow cross-origin requests from all origins. This vulnerability enables CSRF on all endpoints of the tracking server and can be ch...
CVE-2022-46908
A flaw was found in the SQLite package. SQLite could allow a local attacker to bypass security restrictions caused by an issue when relying on --safe for the execution of an untrusted CLI script, potentially leading to arbitrary file read/write...
CVE-2022-24830 Path Traversal in OpenClinica
OpenClinica is an open source software for Electronic Data Capture EDC and Clinical Data Management CDM. OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...
Serv-U FTP Server < 15.2.2 Hotfix 1 Arbitrary File Read/Write
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files that include users' password hashes that is world readable and writable. An unprivileged Windows user having access to the server's filesystem can add an FTP user by copying a valid profile file to thi...
Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write Privilege Es
Exploit for windows platform in category local exploits Windows: Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write EoP Platform: Windows 1703 version 1709 seems to have fixed this bug Class: Elevation of Privilege Summary: The handling of the virtual registry NtLoadKey callback...
ClipBucket 2.8.3 - Multiple Vulnerabilities
Exploit for php platform in category web applications @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title ClipBucket 2.8.3 - Multiple Vulnerabilities .:. Google Dorks .:. "Forged by ClipBucket" inurl:viewcollection.php?cid= .:. Date: August 15,...
Microsoft Remote Desktop Client For Mac 8.0.36 Remote Code Execution
Advisory ID: SGMA16-004 Title: Microsoft Remote Desktop Client for Mac Remote Code Execution Product: Microsoft Remote Desktop Client for Mac Version: 8.0.36 and probably prior Vendor: www.microsoft.com Type: Arbitrary file read/write leads to RCE Risk level: 4 / 5 Credit:...
Adobe Creative Cloud <= 3.5.1.209 Arbitrary File Read/Write Vulnerability (Mac OS X)
The version of Adobe Creative Cloud installed on the remote Mac OS X host is prior or equal to 3.5.1.209. It is, therefore, affected by a flaw in the JavaScript API for Creative Cloud Libraries due to an exposed service. An unauthenticated, remote attacker can exploit this to read or write...
Adobe Creative Cloud <= 3.5.1.209 Arbitrary File Read/Write Vulnerability
The version of Adobe Creative Cloud installed on the remote Windows host is prior or equal to 3.5.1.209. It is, therefore, affected by a flaw in the JavaScript API for Creative Cloud Libraries due to an exposed service. An unauthenticated, remote attacker can exploit this to read or write arbitra...
GLSA-201404-01 : CUPS: Arbitrary file read/write
The remote host is affected by the vulnerability described in GLSA-201404-01 CUPS: Arbitrary file read/write Members of the lpadmin group have admin access to the web interface, where they can edit the config file and set some dangerous directives like the logfilenames, which enable them to read ...
CUPS: Arbitrary file read/write
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Members of the lpadmin group have admin access to the web interface, where they can edit the config file and set some “dangerous” directives like the logfilenames, which enable them to read or write fil...
Cisco Unified Communications Manager Arbitrary File Read/Write Vulnerability
A vulnerability in a command-line utility of Cisco Unified Communications Manager Cisco Unified CM could allow an authenticated, local attacker to read or write data to arbitrary locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this...