128 matches found
dhtmlxFileExplorer 8.4.6 Directory Traversal Vulnerability
Exploit Title: dhtmlxFileExplorer 8.4.6 - Access Sensitive Floder via Directory Traversal in DHX File Exlploer Exploit Author: Nutchaya Augkanavitayakul, Nattachai Wanmak, Pongtorn Angsuchotmetee Vendor Homepage: https://dhtmlx.com Software Link: https://dhtmlx.com Version: 8.4.6 Tested on: macOS...
dhtmlxFileExplorer 8.4.6 Directory Traversal
dhtmlxFileExplorer version 8.4.6 is susceptible to a path traversal attack, enabling unauthorized access to system files. Exploit Title: dhtmlxFileExplorer 8.4.6 - Access Sensitive Floder via Directory Traversal in DHX File Exlploer Date: Feb 6, 2025 Exploit Author: Nutchaya Augkanavitayakul,...
CVE-2024-57968
CVE-2024-57968 affects Advantive VeraCore (pre-2024.4.2.1). It is an unrestricted file upload vulnerability that allows a remote authenticated user to upload files to unintended folders (upload.aspx). VeraCore was patched in version 2024.4.2.1. In practice, multiple sources flag active exploitati...
CVE-2024-43765
In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
CVE-2024-43765
In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
CVE-2024-43765
In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from multiple locations containing an eavesdropping hijacking/overwriting attack that can be exploited by an attacker to gain access to a...
PT-2025-1798 · WordPress · Appointment Booking Calendar Plugin
Name of the Vulnerable Software and Affected Versions: Appointment Booking Calendar Plugin and Scheduling Plugin versions prior to 1.1.23 Description: The export settings functionality in the Appointment Booking Calendar Plugin and Scheduling Plugin exports data to a public folder with an easily...
Improper Access Control
nilsteampassnet/teampass is vulnerable to Improper access control. The vulnerability is due to the application failing to properly validate whether a folder belongs to the user's allowed folders list defined by an admin, allowing an attacker to bypass access restrictions and access unauthorized...
PT-2025-2831 · Acronis · Acronis True Image
Name of the Vulnerable Software and Affected Versions: Acronis True Image Windows before build 41736 Description: Sensitive information disclosure is possible due to insecure folder permissions. This issue affects Acronis True Image on Windows. Recommendations: For Acronis True Image Windows befo...
ASB-A-233605527
In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
Improper Authorization
Overview nilsteampassnet/teampass is a password manager. Affected versions of this package are vulnerable to Improper Authorization due to improper validation of user permissions in the items.queries.php component. An attacker can gain unauthorized access to folders by exploiting the lack of prop...
TeamPass does not properly check whether a folder is in a user's allowed folders list
TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin...
TeamPass 安全漏洞
TeamPass is an open source password manager from the individual developer Nils Laumaillé. A security vulnerability exists in versions prior to TeamPass 3.1.3.1, which stems from the inability to properly check whether a folder is located in an administrator-defined list of user-allowed folders wh...
CVE-2024-50701
TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin...
Astro's server source code is exposed to the public if sourcemaps are enabled
Summary A bug in the build process allows any unauthenticated user to read parts of the server source code. Details During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible folder...
Siemens COMOS XXE Injection Vulnerability
COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. Siemens COMOS suffers from an XXE injection vulnerability that can be exploited by an...
PRIMX ORIZON 安全漏洞
PRIMX ORIZON is a multi-platform software from PRIMX Corporation that encrypts files and folders stored at a cloud service provider. A security vulnerability exists in PRIMX ORIZON version 2024.3 and earlier, which stems from the fact that by default dedicated folders can be accessed by other use...
ZONEPOINT 安全漏洞
PRIMX ZONEPOINT is a secure encrypted messaging program from PRIMX Corporation. A security vulnerability exists in ZONEPOINT 2024.1 and earlier versions, which stems from the fact that a dedicated folder can be accessed by other users by default, allowing them to misuse technical files and perfor...
CVE-2024-46463
CVE-2024-46463 concerns PRIMX ORIZON for Windows (up to version 2024.3). By default, dedicated folders can be accessed by other users, enabling misuse of technical files and higher-privilege task execution. The underlying issue is access control on ORIZON folders; remediation is to modify the con...