
126 matches found

Prion
added 2022/05/16 3:15 p.m. | 16 views

Privilege escalation

Trend Micro Password Manager Consumer version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the...

CVSS: 7.2 | AI score: 7.7 | EPSS: 0.00422
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2022/04/26 9:15 p.m. | 22 views

CVE-2022-28527

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...

CVSS: 8.1 | EPSS: 0.01029
Exploits: 1 | References: 1
OSV
added 2022/04/26 9:15 p.m. | 3 views

CVE-2022-28527

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...

CVSS: 8.1 | AI score: 7.4 | EPSS: 0.01029
Exploits: 1 | References: 1
ATTACKERKB
added 2022/04/26 9:15 p.m. | 3 views

CVE-2022-28527

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.01029
Exploits: 1 | References: 2
Cvelist
added 2022/04/26 8:29 p.m. | 26 views

CVE-2022-28527

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...

AI score: 8.4 | EPSS: 0.01029
Exploits: 1 | References: 1
CVE
added 2022/04/26 8:29 p.m. | 85 views

CVE-2022-28527

CVE-2022-28527 affects the DhCms release v20170919, where an arbitrary folder deletion vulnerability exists via the admin endpoint /admin.php?r=admin/AdminBackup/del. The connected records confirm the vulnerable component and the attack vector, but do not specify concrete patch versions or remedi...

CVSS: 8.1 | AI score: 8.1 | EPSS: 0.01029
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2022/04/26 12:0 a.m. | 3 views

DhCms Path Traversal Vulnerability

DhCms (Dinghua Cloud CMS) is a content management system based on PHP and MySQL. A security vulnerability exists in DhCms version 20170919, stemming from an arbitrary folder deletion vulnerability found via /admin.php?r=admin/AdminBackup/del...

CVSS: 8.1 | AI score: 7.9 | EPSS: 0.01029
Exploits: 1 | References: 3
NVD
added 2022/04/11 8:15 p.m. | 24 views

CVE-2022-28778

Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission...

CVSS: 4.4 | EPSS: 0.00239
Exploits: 0 | References: 1
Cvelist
added 2022/04/11 7:37 p.m. | 25 views

CVE-2022-28778

Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission...

CVSS: 4.4 | AI score: 5.1 | EPSS: 0.00239
Exploits: 0 | References: 1
NVD
added 2022/02/24 3:15 a.m. | 26 views

CVE-2022-24680

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and...

CVSS: 7.8 | EPSS: 0.00469
Exploits: 0 | References: 3
Prion
added 2022/02/24 3:15 a.m. | 18 views

Privilege escalation

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and...

CVSS: 7.2 | AI score: 7.9 | EPSS: 0.00469
Exploits: 0 | References: 3 | Affected Software: 2
Cvelist
added 2022/01/03 12:49 p.m. | 14 views

CVE-2021-25021 OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal

The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...

AI score: 5.4 | EPSS: 0.01021
Exploits: 2 | References: 1
wpexploit
added 2021/12/01 12:0 a.m. | 48 views

OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal

The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin. As admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the "Remo...

CVSS: 4.9 | AI score: 1.7 | EPSS: 0.01021
Exploits: 2
WPVulnDB
added 2021/12/01 12:0 a.m. | 18 views

OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal

The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin. PoC: As admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the...

CVSS: 4.9 | AI score: 4.2 | EPSS: 0.01021
Exploits: 2 | Affected Software: 1
wpexploit
added 2021/12/01 12:0 a.m. | 49 views

CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal

The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin. As admin, put the following payload in the "Cache directory for analytics.js" setting of the plugin: ../wp-includes, tic...

CVSS: 4.9 | AI score: 1.6 | EPSS: 0.01021
Exploits: 2
Patchstack
added 2021/12/01 12:0 a.m. | 27 views

WordPress OMGF | Host Google Fonts Locally plugin <= 4.5.11 - Arbitrary Folder Deletion via Path Traversal vulnerability

Arbitrary Folder Deletion via Path Traversal vulnerability discovered by José Aguilera in WordPress OMGF | Host Google Fonts Locally plugin versions <= 4.5.11. Solution: Update the WordPress OMGF | Host Google Fonts Locally plugin to the latest available version (at least 4.5.12)...

CVSS: 4.9 | AI score: 3 | EPSS: 0.01021
Exploits: 2 | References: 3 | Affected Software: 1
WPVulnDB
added 2021/08/23 12:0 a.m. | 18 views

OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion

The plugin does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server. PoC: As an authenticated user, with a role as low as subscriber, viewing the admin the dashboard...

CVSS: 8.1 | AI score: 3.2 | EPSS: 0.00883
Exploits: 2 | Affected Software: 1
Cvelist
added 2020/02/12 8:0 p.m. | 26 views

CVE-2020-8950

The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an...

AI score: 7.7 | EPSS: 0.00994
Exploits: 1 | References: 2
Veracode
added 2019/10/21 9:38 a.m. | 13 views

ZipperDown Vulnerability

react-native-code-push is susceptible to the ZipperDown vulnerability. The vulnerability exists because it does not validate the folder of the zip file before extracting files, and writes their content directly to an arbitrary folder...

AI score: 1.6
Exploits: 0
CNVD
added 2019/09/03 12:0 a.m. | 3 views

Directory Traversal, Arbitrary File Deletion Vulnerability in UsualToolCMS v8.0 Backend

UsualToolCMS (UTCMS) is an enterprise web content management system (CMS) based on PHP and MySQL. The UsualToolCMS v8.0 backend has a directory traversal and arbitrary folder deletion vulnerability: an attacker can traverse to the root directory through the directory traversal vulnerability, and delete...

AI score: 7.2
Exploits: 0