126 matches found
Privilege escalation
Trend Micro Password Manager Consumer version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the...
CVE-2022-28527
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...
CVE-2022-28527
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...
CVE-2022-28527
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...
CVE-2022-28527
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...
CVE-2022-28527
CVE-2022-28527 affects the DhCms release v20170919, where an arbitrary folder deletion vulnerability exists via the admin endpoint /admin.php?r=admin/AdminBackup/del. The connected records confirm the vulnerable component and the attack vector, but do not specify concrete patch versions or remedi...
DhCms 路径遍历漏洞
DhCms Dinghua Cloud CMS is a content management system based on PHP and MySQL. A security vulnerability exists in DhCms version 20170919, which originated from an arbitrary folder deletion vulnerability found via /admin.php?r=admin/AdminBackup/del...
CVE-2022-28778
Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission...
CVE-2022-28778
Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission...
CVE-2022-24680
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and...
Privilege escalation
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and...
CVE-2021-25021 OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal
The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...
OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal
The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin As admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the "Remo...
OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal
The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin PoC As admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the...
CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal
The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin As admin, put the following payload in the "Cache directory for analytics.js" setting of the plugin: ../wp-includes, tic...
WordPress OMGF | Host Google Fonts Locally plugin <= 4.5.11 - Arbitrary Folder Deletion via Path Traversal vulnerability
Arbitrary Folder Deletion via Path Traversal vulnerability discovered by José Aguilera in WordPress OMGF | Host Google Fonts Locally plugin versions = 4.5.11. Solution Update the WordPress OMGF | Host Google Fonts Locally plugin to the latest available version at least 4.5.12...
OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion
The plugin does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server. PoC As an authenticated user, with a role as low as subscriber, viewing the admin the dashboard...
CVE-2020-8950
The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an...
ZipperDown Vulnerability
react-native-code-push is susceptible to zipperdown vulnerability. The vulnerability exists because it does not validate the folder of the zip file before performing the extraction of files and directly writing the content to arbitrary folder...
Directory Traversal, Arbitrary File Deletion Vulnerability in UsualToolCMS v8.0 Backend
UsualToolCMS UTCMS is an enterprise web content management system CMS based on PHP and MySQL. UsualToolCMS v8.0 backend has a directory traversal and arbitrary folder deletion vulnerability, an attacker can traverse to the root directory through the directory traversal vulnerability, and delete...