14 matches found

RedhatCVE
added 2026/01/09 10:0 a.m. · 7 views

CVE-2020-7918

An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration...

5.5 CVSS · 6.7 AI score · 0.0019 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-1999-0805

Malware in sbrugna...

4.6 CVSS · 6.4 AI score · 0.00272 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 7:19 a.m. · 3 views

CVE-2024-8401

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists when an authenticated attacker modifies folder names within the context of the product...

5.4 CVSS · 6.7 AI score · 0.00098 EPSS
Exploits 0 · References 1

CVE
added 2025/01/28 4:35 p.m. · 41 views

CVE-2024-8401

This CVE-2024-8401 concerns Schneider Electric EcoStruxure products (PME, EPO, PSO) with a Cross-site Scripting (XSS) flaw caused by improper input neutralization during web page generation. An authenticated attacker could modify folder names within the product context, potentially enabling malic...

5.4 CVSS · 6.8 AI score · 0.00098 EPSS
Exploits 0 · References 1

CNNVD
added 2023/12/02 12:0 a.m. · 3 views

Dell Rugged Control Center Security Vulnerability

Dell Rugged Control Center is an application from Dell USA. It allows a range of settings to be configured on the ruggedized device, such as application settings, keyboard backlight settings, night mode settings, stealth mode settings, window settings, antenna switch settings and GPS settings. An...

7.8 CVSS · 6.9 AI score · 0.00031 EPSS
Exploits 0 · References 1

CNNVD
added 2023/12/02 12:0 a.m. · 1 views

Dell Rugged Control Center Security Vulnerability

Dell Rugged Control Center is an application from Dell USA. It allows a range of settings to be configured on the ruggedized device, such as application settings, keyboard backlight settings, night mode settings, stealth mode settings, window settings, antenna switch settings and GPS settings. An...

7.8 CVSS · 6.9 AI score · 0.00031 EPSS
Exploits 0 · References 1

OSV
added 2023/02/08 2:15 a.m. · 1 views

CVE-2023-0720

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavefolderorder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

4.3 CVSS · 5.8 AI score · 0.00155 EPSS
Exploits 0 · References 3

OSV
added 2023/02/08 2:15 a.m. · 0 views

CVE-2023-0715

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxclonefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke thi...

4.3 CVSS · 6.5 AI score
Exploits 0 · References 3

Positive Technologies
added 2023/02/08 12:0 a.m. · 2 views

PT-2023-16471 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax clone folder function, allowing authenticated attackers with subscriber-level permissions a...

5.4 CVSS · 5.2 AI score · 0.00155 EPSS
Exploits 0 · References 7

ATTACKERKB
added 2023/02/07 11:15 p.m. · 1 views

CVE-2023-0712

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxmoveobject function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4 CVSS · 5.9 AI score · 0.00155 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/02/07 12:0 a.m. · 1 views

PT-2023-16470 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax add folder function, allowing authenticated attackers with subscriber-level permissions and...

5.4 CVSS · 5.3 AI score · 0.00155 EPSS
Exploits 0 · References 7

OSV
added 2021/03/11 3:9 a.m. · 2 views

GHSA-PC22-3G76-GM6J Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory

Impact: On Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of the temporary subdirectory. This...

9.3 CVSS · 6.6 AI score · 0.00044 EPSS
Exploits 1 · References 3

Exploit DB
added 2018/04/26 12:0 a.m. · 40 views

Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution

Exploit Title: Jfrog Artifactory alert/Vulnerable/" within the file app.html : POST /artifactory/ui/artifact/upload HTTP/1.1 Host: removed User-Agent: removed Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate...

9.8 CVSS · 9.7 AI score · 0.135 EPSS
Exploits 5

Cvelist
added 2000/04/25 4:0 a.m. · 19 views

CVE-1999-0824

A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users...

6.4 AI score · 0.00272 EPSS
Exploits 0 · References 1