
126 matches found

Cvelist
added 2024/05/09 8:3 p.m., 22 views

CVE-2024-1693 SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level acce...

CVSS 4.3, AI score 5.7, EPSS 0.0042
Exploits 0, References 2

WPVulnDB
added 2024/05/07 12:0 a.m., 8 views

SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update

Description The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 6.8, EPSS 0.0042
Exploits 0, References 1

Vulnrichment
added 2024/04/26 5:30 p.m., 13 views

CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication...

CVSS 9.1, AI score 7.5, EPSS 0.01354
Exploits 1, References 1

OSV
added 2024/04/26 5:30 p.m., 5 views

CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication...

CVSS 9.1, AI score 8, EPSS 0.01354
Exploits 1, References 3

Cvelist
added 2024/04/26 5:30 p.m., 27 views

CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication...

CVSS 9.1, AI score 9.6, EPSS 0.01354
Exploits 1, References 1

CVE
added 2024/02/06 6:43 a.m., 34 views

CVE-2023-28049

Dell Command | Monitor (Dell) affected product: Dell Command | Monitor versions prior to 10.9. The vulnerability is an arbitrary folder deletion bug exploitable by a locally authenticated user to perform a privileged arbitrary file delete, with impact on integrity and availability as described in...

CVSS 7.1, AI score 6.8, EPSS 0.00134
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2024/02/06 6:43 a.m., 20 views

CVE-2023-28049

Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete...

CVSS 4.7, AI score 6.8, EPSS 0.00134
Exploits 0, References 1

Cvelist
added 2024/02/06 6:43 a.m., 25 views

CVE-2023-28049

Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete...

CVSS 4.7, AI score 7, EPSS 0.00134
Exploits 0, References 1

Prion
added 2024/01/23 9:15 p.m., 15 views

Design/Logic Flaw

An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute...

CVSS 4.3, AI score 7.6, EPSS 0.00311
Exploits 0, References 2, Affected Software 1

Cvelist
added 2024/01/23 8:40 p.m., 13 views

CVE-2023-52094

An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute...

AI score 8, EPSS 0.00311
Exploits 0, References 2

OSV
added 2023/11/21 10:19 p.m., 14 views

GHSA-H73M-PCFW-25H2 Download to arbitrary folder can lead to RCE

Summary A web UI user can store files anywhere on the pyLoad server and gain command execution by abusing scripts. Details When a user creates a new package, a subdirectory is created within the /downloads folder to store files. This new directory name is derived from the package name, except a...

CVSS 7.6, AI score 9.1, EPSS 0.01088
Exploits 1, References 5

Github Security Blog
added 2023/11/21 10:19 p.m., 28 views

Download to arbitrary folder can lead to RCE

Summary A web UI user can store files anywhere on the pyLoad server and gain command execution by abusing scripts. Details When a user creates a new package, a subdirectory is created within the /downloads folder to store files. This new directory name is derived from the package name, except a...

CVSS 8.8, AI score 8, EPSS 0.01088
Exploits 1, References 5, Affected Software 1

NVD
added 2023/11/16 9:15 a.m., 17 views

CVE-2023-39246

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary...

CVSS 7.3, EPSS 0.00152
Exploits 0, References 1

Prion
added 2023/11/16 9:15 a.m., 23 views

Design/Logic Flaw

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary...

CVSS 4.1, AI score 7, EPSS 0.00152
Exploits 0, References 1, Affected Software 3

Cvelist
added 2023/11/16 8:41 a.m., 25 views

CVE-2023-39246

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary...

CVSS 4.6, AI score 7.3, EPSS 0.00152
Exploits 0, References 1

Vulnrichment
added 2023/09/08 5:4 a.m., 5 views

CVE-2023-32470

Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service DOS...

CVSS 5, AI score 6.8, EPSS 0.00154
Exploits 0, References 1

GithubExploit
added 2023/08/31 8:18 a.m., 571 views

Exploit for External Control of File Name or Path in Moodle

🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...

CVSS 6.5, AI score 6.4, EPSS 0.06583
Exploits 3

OSV
added 2023/06/23 11:15 a.m., 3 views

CVE-2023-28071

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Servi...

CVSS 7.1, AI score 5.9, EPSS 0.00179
Exploits 0, References 1

Cvelist
added 2023/06/23 10:37 a.m., 35 views

CVE-2023-28071

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Servi...

CVSS 6.3, AI score 7.1, EPSS 0.00179
Exploits 0, References 1

CNNVD
added 2023/06/23 12:0 a.m., 6 views

Dell Command Update link following vulnerability

Dell Command Update is a tool from Dell USA used to automatically update drivers, BIOS and firmware in Dell products. A security vulnerability exists in Dell Command Update, Dell Update, Alienware Update version 4.9.0 and prior versions. An attacker could exploit the vulnerability to create...

CVSS 7.1, AI score 7.3, EPSS 0.00179
Exploits 0, References 2