
13 matches found

OSV
added 2026/01/09 5:15 p.m. | 1 view

CVE-2025-15035

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 vpn modules allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality. This issue affects Archer AXE75 v1.6: ≤...

7.3 CVSS | 5.9 AI score
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/07 12:0 a.m. | 3 views

PT-2026-1562

Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.5 Description The Frontend File Manager Plugin for WordPress did not properly check a file path and who owned the file. This allowed any logged-in user, even those with limited permissions like...

7.7 CVSS | 6.5 AI score | 0.00033 EPSS
Exploits: 0 | References: 4
Snyk
added 2025/05/23 2:43 p.m. | 1 view

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the DELETE /api/org/users/ endpoint. An attacker can permanently delete Server administrator accounts by exploiting the role privileges of an Organization administrator. Note: Th...

7.6 CVSS | 7 AI score | 0.06888 EPSS
Exploits: 6 | References: 2
Cvelist
added 2025/05/23 1:44 p.m. | 9 views

CVE-2025-3580

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...

5.5 CVSS | 0.00097 EPSS
Exploits: 0 | References: 1
OSV
added 2024/11/19 5:15 p.m. | 0 views

CVE-2024-48071

E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the server to permanently deny service...

6.5 CVSS | 5.8 AI score
Exploits: 0 | References: 2
NVD
added 2023/12/25 8:15 a.m. | 8 views

CVE-2023-48652

Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery CSRF via /ccm/system/dialogs/logs/deleteall/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated...

4.3 CVSS | 0.00335 EPSS
Exploits: 0 | References: 2
OSV
added 2023/10/20 7:15 a.m. | 2 views

CVE-2023-4274

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical...

6.5 CVSS | 7.2 AI score
Exploits: 0 | References: 3
CNVD
added 2020/05/25 12:0 a.m. | 1 view

Arbitrary File Deletion Vulnerability in Yunye CMS

Yunye CMS is an enterprise website building system developed by Luoyang Yunye Information Technology Co. Yunye CMS has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete any file on the server...

7.1 AI score
Exploits: 0
exploitpack
added 2018/12/03 12:0 a.m. | 13 views

PHP Server Monitor 3.3.1 - Cross-Site Request Forgery

PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Exploit Title: PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Exploit Author: Javier Olmedo Website: https://www.sidertia.com Date: 2018-11-28 Google Dork: N/A Vendor: https://www.phpservermonitor.org/ Software Link:...

Exploits: 0
Exploit DB
added 2018/12/03 12:0 a.m. | 54 views

PHP Server Monitor 3.3.1 - Cross-Site Request Forgery

Exploit Title: PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Exploit Author: Javier Olmedo Website: https://www.sidertia.com Date: 2018-11-28 Google Dork: N/A Vendor: https://www.phpservermonitor.org/ Software Link: https://github.com/phpservermon/phpservermon/releases/tag/v3.3.1 Affected...

7.4 AI score
Exploits: 0
OSV
added 2018/06/29 12:29 p.m. | 1 view

CVE-2018-12999

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI...

7.5 CVSS | 5.8 AI score | 0.09656 EPSS
Exploits: 3 | References: 4
Citrix
added 2017/09/15 12:0 a.m. | 5 views

To delete two headers in HTTP Response

In certain cases, we do not want to parse the HTTP headers to the end Client. NetScaler can do this job by deleting the HTTP header received from the Server. We can use Rewrite feature of NetScaler to achieve this. Configuration AppExperts Rewrite. Step 1 : To remove HTTP header named "Server" CL...

7 AI score
Exploits: 0
Hacker One
added 2016/03/14 10:0 p.m. | 11 views

New Relic: CSRF- delete all empty server policy

A CSRF vulnerability is found in the application, using which an attacker can delete all empty server policy. Steps to reproduce Create a html file using following code: send it to victim. Note : Make sure you change the account id to the victims id...

1.3 AI score
Exploits: 0