18 matches found
Unspecified Vulnerability in TeamViewer DEX Client (CNVD-2026-16661)
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client has a security vulnerability that can be exploited by an attacker to cause the deletion of protected system files...
CVE-2026-23563 Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction
Improper Link Resolution Before File Access invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is...
EUVD-2026-1596
The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfbuploadform and lfbremoveFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload arbitrar...
CVE-2023-20098
A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could...
CVE-2022-34432
Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders...
Authentication flaw
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...
CVE-2020-7882 anySign directory traversal vulnerability
Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal charactersie. '../../../'...
jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
A cross-site request forgery CSRF vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint which allows attackers to delete configuration files corresponding to an attacker-specified ID...
CVE-2019-15493
openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21...
CVE-2019-15493
openITCOCKPIT prior to 3.7.1 is affected by CVE-2019-15493, allowing deletion of files (RVID 4-445b21). The connected documents confirm the vulnerable platform and impact, but do not provide deeper root-cause details. A patched release, 3.7.1 (tag openITCOCKPIT-3.7.1), is available as remediation...
Arbitrary file deletion
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...
Local Privilege Escalation in Management Web Interface
A vulnerability exists in the Management web interface that could allow local privilege escalation. The Management web interface does not properly validate specific request parameters, which can potentially allow deletion of files in the system. Ref. PAN-90954; CVE-2018-9242 Successful exploitati...
Vanilla: FileUpload Plugin: CSRF (delete all attached files)
Description ------------ The current version 1.9.1 of the official FileUpload plugin is vulnerable to CSRF. A successful attack allows the removal of files the attacked user has the permission to delete. Administrators for example have the permission to delete all attached files. As the request t...
File Access Vulnerability in Multiple IBM Products (CNVD-2018-13180)
IBM SAN Volume Controller SVC, built with IBM Spectrum Storage software, is a reliable system that helps improve the data value, security and ease of use of new and existing storage infrastructures.The IBM Storwize product family provides all-flash, hybrid storage solutions with common features a...
WordPress Plugin Real3D FlipBook - Multiple Vulnerabilities
POCExploit CodeCanyon Real3D FlipBook WordPress Plugin + http://codecanyon.net/item/real3d-flipbook-wordpress-plugin/6942587 + Multiple Vulnerabilities Found by: Mukarram Khalid + https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/ + Requirements : Python 3.4.x or higher,...
Adobe Acrobat Multiple Vulnerabilities - 01 (Oct 2015) - Mac OS X
Adobe Acrobat is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobat"; ifdescription...
Samsung SyncThru UpdateDriverFileServlet Directory Traversal Denial of Service Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Samsung SyncThru. By default, authentication is not required to exploit this vulnerability. The specific flaw exists within the DriverFileUploadServlet servlet exposed by upload/updateDriver. The...
Supernews <= 2.6.1 SQL Injection Exploit
Exploit for php platform in category web applications ?php Exploit Title: Supernews = 2.6.1 SQL Injection Exploit Google Dork: intext:"2003 - 2004 : SuperNews : Todos os direitos reservados" Date: 2012/ Author: WhiteCollarGroup Software Link: http://phpbrasil.com/script/vT0FaOCySSH/supernews...