Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:1 a.m.7 views

CVE-2023-36634

An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially...

8.8CVSS7.1AI score0.00519EPSS
Exploits0
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.2 views

Jellystat 路径遍历漏洞

Jellystat is a free open source statistics application from the individual developer Thegan Govender. A path traversal vulnerability exists in versions of Jellystat prior to 1.1.2, which stems from the direct use of user input in routing, resulting in a path traversal vulnerability that allows th...

8.7CVSS6.8AI score0.00504EPSS
Exploits0References3
NVD
NVD
added 2024/10/18 8:15 a.m.19 views

CVE-2024-10079

The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajaximportcontent' function. This allows authenticated attackers, with subscriber-level permissions an...

8.8CVSS0.00779EPSS
Exploits0References2
NVD
NVD
added 2024/05/14 11:15 p.m.24 views

CVE-2024-31474

There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI Aruba's Access Point management protocol. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to...

8.2CVSS8.2AI score0.00448EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/23 1:57 a.m.31 views

CVE-2024-2025 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request

The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the getsimplerequest function. This makes it possible for...

8.8CVSS8.9AI score0.00821EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/05 9:21 p.m.41 views

CVE-2023-6933 Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

8.8CVSS9.9AI score0.68047EPSS
Exploits2References3
Prion
Prion
added 2023/11/22 8:15 p.m.16 views

Directory traversal

UNSUPPORTED WHEN ASSIGNED Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported...

5.5CVSS7.1AI score0.018EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/27 7:32 p.m.19 views

CVE-2022-3700

A Time of Check Time of Use TOCTOU vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files...

6.1CVSS6.8AI score0.00105EPSS
Exploits0References1
Prion
Prion
added 2023/10/20 8:15 a.m.22 views

Deserialization of untrusted data

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getposts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. ...

5.1CVSS9.2AI score0.00768EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2023/10/20 6:35 a.m.53 views

CVE-2023-4402 Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getproducts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugi...

8.1CVSS9.9AI score0.0134EPSS
Exploits3References2
Prion
Prion
added 2023/05/25 12:15 a.m.13 views

Deserialization of untrusted data

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'gopricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-lev...

6.5CVSS8.8AI score0.00884EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/01 6:36 p.m.17 views

CVE-2022-24218

An issue in /admin/deleteimage.php of eliteCMS v1.0 allows attackers to delete arbitrary files...

9.4AI score0.1695EPSS
Exploits1References1
NVD
NVD
added 2021/09/30 11:15 a.m.15 views

CVE-2021-41294

ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter, unauthenticated attackers can remotely delete arbitrary files on the affected device and cause denial of service scenario...

9.1CVSS0.01147EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.41 views

SUSE SLES11 Security Update : clamav (SUSE-SU-2021:14592-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14592-1 advisory. - A vulnerability in the Data-Loss-Prevention DLP module in Clam AntiVirus ClamAV Software versions 0.102.1 and 0.102.0 could allow an...

7.5CVSS7.6AI score0.05063EPSS
Exploits0References15
Cvelist
Cvelist
added 2018/01/23 1:0 a.m.18 views

CVE-2017-16599

This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

6.8AI score0.03027EPSS
Exploits0References1
Veracode
Veracode
added 2017/11/17 10:32 a.m.20 views

Object Injection

October CMS is vulnerable to object injection. The library does not properly handle the serialization of the selectedList variable in the modules/cms/widgets/AssetList.php file, allowing a malicious user to inject PHP objects that can lead to the ability to delete arbitrary files on the server...

7.5CVSS7.8AI score0.01525EPSS
Exploits0References2Affected Software1
seebug.org
seebug.org
added 2017/04/12 12:0 a.m.43 views

Trend Micro Threat Discovery Appliance arbitrary files deletion (CVE-2016-7552)

A file delete in the logoff.cgi interface that allows for an authentication bypass CVE-2016-7552. A command injection in the adminsystime.cgi interface that allows for an attacker to gain remote code execution CVE-2016-7547. Trend Micro are not patching this vulnerability since this product is no...

10CVSS10.3AI score0.93249EPSS
Exploits19
Prion
Prion
added 2016/04/30 5:59 p.m.16 views

Privilege escalation

The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution...

5.8CVSS7.2AI score0.01656EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2015/07/10 3:59 p.m.10 views

Code injection

index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to delete arbitrary files via the oekakis parameter...

6.4CVSS7.4AI score0.01643EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2014/05/22 11:55 p.m.19 views

Session fixation

debian/guest-account in Light Display Manager lightdm 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and...

2.1CVSS6.4AI score0.00762EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder