126 matches found
CVE-2024-1693 SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level acce...
SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update
Description The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with...
CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE
pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication...
CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE
pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication...
CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE
pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication...
CVE-2023-28049
Dell Command | Monitor (Dell) affected product: Dell Command | Monitor versions prior to 10.9. The vulnerability is an arbitrary folder deletion bug exploitable by a locally authenticated user to perform a privileged arbitrary file delete, with impact on integrity and availability as described in...
CVE-2023-28049
Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete...
CVE-2023-28049
Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete...
Design/Logic Flaw
An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute...
CVE-2023-52094
An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute...
GHSA-H73M-PCFW-25H2 Download to arbitrary folder can lead to RCE
Summary A web UI user can store files anywhere on the pyLoad server and gain command execution by abusing scripts. Details When a user creates a new package, a subdirectory is created within the /downloads folder to store files. This new directory name is derived from the package name, except a...
Download to arbitrary folder can lead to RCE
Summary A web UI user can store files anywhere on the pyLoad server and gain command execution by abusing scripts. Details When a user creates a new package, a subdirectory is created within the /downloads folder to store files. This new directory name is derived from the package name, except a...
CVE-2023-39246
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary...
Design/Logic Flaw
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary...
CVE-2023-39246
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary...
CVE-2023-32470
Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service DOS...
Exploit for External Control of File Name or Path in Moodle
🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...
CVE-2023-28071
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Servi...
CVE-2023-28071
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Servi...
Dell Command Update 后置链接漏洞
Dell Command Update is a tool from Dell USA used to automatically update drivers, BIOS and firmware in Dell products. A security vulnerability exists in Dell Command Update, Dell Update, Alienware Update version 4.9.0 and prior versions. An attacker could exploit the vulnerability to create...