29 matches found
CVE-2025-61941
A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. An arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, an arbitrary OS command may be executed via some file alteration...
EUVD-2025-34529
A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. An arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, an arbitrary OS command may be executed via some file alteration...
EUVD-2008-0595
Malware in sbrugna...
EUVD-2022-52438
Malicious code in bioql PyPI...
EUVD-2025-8557
Malicious code in bioql PyPI...
CVE-2023-32608
Directory traversal vulnerability in Pleasanter Community Edition and Enterprise Edition 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server...
CVE-2022-30602
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files...
CVE-2024-37387
Ricoh Streamline NX PC Client contains a use of potentially dangerous function (CWE-676) vulnerability tracked as CVE-2024-37387. Affected versions include 3.2.1.19, 3.3.1.3, 3.3.2.201, 3.4.3.1, 3.5.1.201, 3.6.100.53, and 3.6.2.1. If exploited, files on the host PC may be altered. Vendor advisori...
Path Traversal
pimcore/pimcore is vulnerable to Path Traversal. A path traversal flaw exists in AssetController::importServerFilesAction, which allows an attacker to alter the pimcorelog argument, possibly overwriting or modifying sensitive files. This might also lead to illegal access, privilege escalation, or...
Directory traversal
Directory traversal vulnerability in Pleasanter Community Edition and Enterprise Edition 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server...
PT-2023-23908 · Unknown · Pleasanter
Name of the Vulnerable Software and Affected Versions: Pleasanter versions 1.3.39.2 and earlier Description: A directory traversal issue allows a remote authenticated attacker to alter an arbitrary file on the server. Recommendations: For versions 1.3.39.2 and earlier, update to a version later...
CVE-2022-46660
GE Digital Proficy Historian CVE-2022-46660 is a path/unsafe file write vulnerability affecting Proficy Historian (v7.0 and up per ICS advisory context). Connected sources describe exploitation via unrestricted upload of files and MSO protocol handling that allows an unauthorized user to alter or...
CVE-2022-42458
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version 1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...
Design/Logic Flaw
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files...
CVE-2022-30602
The CVE-2022-30602 issue affects Cybozu Garoon 4.0.0–5.9.1. Description and connected sources confirm an authorization/privilege-management flaw (operation restriction bypass) that lets an authenticated remote user alter file information and/or delete files. The root cause is an improper privileg...
Code injection
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to alternate the files of a valid file backup. This leads to leaking the database credentials in the environment variables...
CVE-2021-39458
The CVE-2021-39458 issue affects Yakamara Media Redaxo CMS 5.12.1, where an authenticated CMS user can trigger an error in the import process to swap files from a valid backup. This leads to leakage of database credentials stored in environment variables. The available connected documents confirm...