5044 matches found
WordPress plugin GoogleDrive folder list cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin GoogleDrive folder list...
WordPress GoogleDrive folder list plugin <= 2.2.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CSRF to Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin GoogleDrive folder list (versions <= 2.2.2)...
WordPress GoogleDrive folder list Plugin <= 2.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: GoogleDrive folder list. Type: Plugin. Vulnerable versions: <= 2.2.2. Fixed in: N/A. OWASP Top 10: A1: Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2024-49335. Patch priority: Low. CVSS severity: Low (7.1). PSID: 4b047cc300da. Credits: SOPROBRO...
CVE-2024-49389
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files Windows before build 9.0.0x24...
CVE-2024-49389
CVE-2024-49389 affects Acronis Cyber Files (Windows) prior to build 9.0.0x24. The vulnerability stems from insecure folder permissions that enable local privilege escalation. Affected component is the file system/installation directory permissions which, when exploited, grant high integrity, conf...
PT-2024-33500 · Acronis · Acronis Cyber Files
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Files Windows versions before 9.0.0x24 Description: The issue is related to local privilege escalation due to insecure folder permissions. Recommendations: For Acronis Cyber Files Windows versions before 9.0.0x24, update to a...
CVE-2024-8746
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mkfilefoldermanagershortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if grant...
Data lost upon configuring folder redirection for existing user profiles
When Desktop folder redirection is configured for existing user profiles, User Profile Management (UPM) only transfers individual files from the user profile's Desktop folder to the redirected location, resulting in the deletion of all subfolders and their contents...
WordPress plugin File Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2023-31493
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system...
DEBIAN-CVE-2023-31493
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system...
UBUNTU-CVE-2023-31493
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system...
CVE-2024-45731 Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for...
CVE-2024-45731
Summary: CVE-2024-45731 affects Splunk Enterprise for Windows prior to 9.3.1, 9.2.3, and 9.1.6. A low-privileged user (not admin/power roles) could write a file to the Windows system root (default System32 location) when Splunk is installed on a separate drive. Root cause / impact: arbitrary file...
UBUNTU-CVE-2024-38862
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p18, 2.2.0p35, 2.1.0p48 and =2.0.0p39 EOL causes SNMP and IPMI secrets of host and folder properties to be written to audit log files accessible to administrators...
Checkmk security vulnerability
Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk that stems from the insertion of sensitive information into log files, which could result in SNMP and IPMI secrets for host and folder attributes being written to administrator-accessible audit log...