CVE-2024-27311 Arbitrary file writing
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to a directory traversal vulnerability, which allows the user to upload new files to the server folder...
CVE-2024-6326
An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders wh...
How to Publish the Printers Folder
This article contains the steps to publish the Printers folder. Publishing the Printers folder provides users with a way of changing the printing preferences of their printers, such as paper size, paper type, duplexing options, and so on. Unlike adjusting such preferences within the print dialog of a...
CVE-2024-6037
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server...
CVE-2024-6037 Arbitrary Folder Creation in gaizhenbiao/chuanhuchatgpt
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server...
CVE-2024-6037
The CVE-2024-6037 entry concerns gaizhenbiao/chuanhuchatgpt version 20240410. The connected documents provide concrete details: an attacker can create arbitrary folders anywhere on the server, including the root directory (for example, C: dir). This action leads to resource exhaustion and potenti...
PT-2024-37335 · Unknown · Gaizhenbiao/Chuanhuchatgpt
Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240410 Description: A vulnerability allows an attacker to create arbitrary folders at any location on the server, including the root directory. This can lead to uncontrolled resource consumption, resulting...
CVE-2024-39165
QR/demoapp/qrimage.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder is shipped with the...
Mitsubishi Electric MC Works64 Code Issue Vulnerability
Mitsubishi Electric MC Works64 is a data acquisition and monitoring (SCADA) system from Mitsubishi Electric, Japan. A code issue vulnerability exists in Mitsubishi Electric MC Works64, which stems from an uncontrolled search path element vulnerability that allows a local attacker to execute maliciou...
CVE-2024-39165
Summary: CVE-2024-39165 affects Asial JpGraph Professional up to version 4.2.6-pro. The vulnerability arises from the presence of an unnecessary QR/demoapp folder, enabling a remote attacker to execute arbitrary PHP code via a payload placed in the data parameter and a .php filename in the filena...
PT-2024-17274
Name of the Vulnerable Software and Affected Versions: ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric MC Works64 all versions Description: The issue allows a local attacker to execute malicious code by storing a specially crafted DLL in a specific fold...
The vulnerability of the ApexOne Security Agent for antivirus software from Trend Micro’s Apex One and Apex One as a Service allows attackers to execute arbitrary code and gain elevated privileges.
The vulnerability of the ApexOne Security Agent in antivirus software products Trend Micro Apex One and Apex One as a Service is related to deficiencies in access control for the Suspect folder. Exploiting this vulnerability can allow attackers to execute arbitrary code and increase their...
PT-2024-28374
Name of the Vulnerable Software and Affected Versions: Asial JpGraph Professional versions 4.2.6-pro and earlier Description: The issue allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This...
CVE-2024-38519 yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...
CVE-2024-20894
Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain conditions. User interaction is required for triggering this vulnerability...