Lucene search
K

128 matches found

0day.today
0day.today
added 2025/02/09 12:0 a.m.189 views

dhtmlxFileExplorer 8.4.6 Directory Traversal Vulnerability

Exploit Title: dhtmlxFileExplorer 8.4.6 - Access Sensitive Floder via Directory Traversal in DHX File Exlploer Exploit Author: Nutchaya Augkanavitayakul, Nattachai Wanmak, Pongtorn Angsuchotmetee Vendor Homepage: https://dhtmlx.com Software Link: https://dhtmlx.com Version: 8.4.6 Tested on: macOS...

6.5CVSS6.8AI score0.00739EPSS
Exploits3
Packet Storm
Packet Storm
added 2025/02/06 12:0 a.m.351 views

dhtmlxFileExplorer 8.4.6 Directory Traversal

dhtmlxFileExplorer version 8.4.6 is susceptible to a path traversal attack, enabling unauthorized access to system files. Exploit Title: dhtmlxFileExplorer 8.4.6 - Access Sensitive Floder via Directory Traversal in DHX File Exlploer Date: Feb 6, 2025 Exploit Author: Nutchaya Augkanavitayakul,...

7.3AI score0.00739EPSS
Exploits3
CVE
CVE
added 2025/02/03 12:0 a.m.235 views

CVE-2024-57968

CVE-2024-57968 affects Advantive VeraCore (pre-2024.4.2.1). It is an unrestricted file upload vulnerability that allows a remote authenticated user to upload files to unintended folders (upload.aspx). VeraCore was patched in version 2024.4.2.1. In practice, multiple sources flag active exploitati...

9.9CVSS6.8AI score0.30477EPSS
In wildExploits1References4Affected Software1
OSV
OSV
added 2025/01/21 11:15 p.m.5 views

CVE-2024-43765

In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...

7.8CVSS5.9AI score0.00074EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/01/21 11:15 p.m.6 views

CVE-2024-43765

In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...

7.8CVSS5.9AI score0.00074EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/01/21 11:4 p.m.11 views

CVE-2024-43765

In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...

0.00074EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/21 12:0 a.m.7 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from multiple locations containing an eavesdropping hijacking/overwriting attack that can be exploited by an attacker to gain access to a...

7.8CVSS7.2AI score0.00074EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/13 12:0 a.m.11 views

PT-2025-1798 · WordPress · Appointment Booking Calendar Plugin

Name of the Vulnerable Software and Affected Versions: Appointment Booking Calendar Plugin and Scheduling Plugin versions prior to 1.1.23 Description: The export settings functionality in the Appointment Booking Calendar Plugin and Scheduling Plugin exports data to a public folder with an easily...

7.5CVSS9.2AI score0.00616EPSS
Exploits1References10
Veracode
Veracode
added 2025/01/09 4:32 a.m.8 views

Improper Access Control

nilsteampassnet/teampass is vulnerable to Improper access control. The vulnerability is due to the application failing to properly validate whether a folder belongs to the user's allowed folders list defined by an admin, allowing an attacker to bypass access restrictions and access unauthorized...

4.3CVSS6.6AI score0.00328EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.6 views

PT-2025-2831 · Acronis · Acronis True Image

Name of the Vulnerable Software and Affected Versions: Acronis True Image Windows before build 41736 Description: Sensitive information disclosure is possible due to insecure folder permissions. This issue affects Acronis True Image on Windows. Recommendations: For Acronis True Image Windows befo...

5.5CVSS6.7AI score0.00148EPSS
Exploits0References6
OSV
OSV
added 2025/01/01 12:0 a.m.11 views

ASB-A-233605527

In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...

7.8CVSS7.3AI score0.00074EPSS
Exploits0References2
Snyk
Snyk
added 2024/12/30 3:31 p.m.4 views

Improper Authorization

Overview nilsteampassnet/teampass is a password manager. Affected versions of this package are vulnerable to Improper Authorization due to improper validation of user permissions in the items.queries.php component. An attacker can gain unauthorized access to folders by exploiting the lack of prop...

5.4CVSS7AI score0.00328EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/12/30 3:31 p.m.15 views

TeamPass does not properly check whether a folder is in a user's allowed folders list

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin...

4.3CVSS6.5AI score0.00328EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2024/12/30 12:0 a.m.5 views

TeamPass 安全漏洞

TeamPass is an open source password manager from the individual developer Nils Laumaillé. A security vulnerability exists in versions prior to TeamPass 3.1.3.1, which stems from the inability to properly check whether a folder is located in an administrator-defined list of user-allowed folders wh...

4.3CVSS6.3AI score0.00328EPSS
Exploits0References4
OSV
OSV
added 2024/12/30 12:0 a.m.7 views

CVE-2024-50701

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin...

4.3CVSS6.5AI score0.00328EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/12/19 3:12 p.m.20 views

Astro's server source code is exposed to the public if sourcemaps are enabled

Summary A bug in the build process allows any unauthenticated user to read parts of the server source code. Details During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible folder...

7.8CVSS7.3AI score0.01465EPSS
Exploits1References8Affected Software1
CNVD
CNVD
added 2024/12/12 12:0 a.m.8 views

Siemens COMOS XXE Injection Vulnerability

COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. Siemens COMOS suffers from an XXE injection vulnerability that can be exploited by an...

5.7CVSS6.8AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.3 views

PRIMX ORIZON 安全漏洞

PRIMX ORIZON is a multi-platform software from PRIMX Corporation that encrypts files and folders stored at a cloud service provider. A security vulnerability exists in PRIMX ORIZON version 2024.3 and earlier, which stems from the fact that by default dedicated folders can be accessed by other use...

7.8CVSS6.6AI score0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.4 views

ZONEPOINT 安全漏洞

PRIMX ZONEPOINT is a secure encrypted messaging program from PRIMX Corporation. A security vulnerability exists in ZONEPOINT 2024.1 and earlier versions, which stems from the fact that a dedicated folder can be accessed by other users by default, allowing them to misuse technical files and perfor...

7.8CVSS6.7AI score0.00159EPSS
Exploits0References1
CVE
CVE
added 2024/11/15 12:0 a.m.49 views

CVE-2024-46463

CVE-2024-46463 concerns PRIMX ORIZON for Windows (up to version 2024.3). By default, dedicated folders can be accessed by other users, enabling misuse of technical files and higher-privilege task execution. The underlying issue is access control on ORIZON folders; remediation is to modify the con...

7.8CVSS6.9AI score0.00159EPSS
Exploits0References1
Rows per page
Query Builder