Lucene search

5045 matches found

Cvelist
added 2024/07/02 9:20 a.m. · 22 views

CVE-2024-20894

Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this vulnerability...

CVSS 4.3 · EPSS 0.00239
Exploits: 0 · References: 1

Vulnrichment
added 2024/07/02 1:51 a.m. · 9 views

CVE-2024-4679 Folder Permission Vulnerability in JP1/Extensible SNMP Agent

Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation. This issue affects JP1/Extensible SNMP Agent for Windows: from 12-0...

CVSS 7.8 · AI score 7 · EPSS 0.00173
Exploits: 0 · References: 1

Cvelist
added 2024/07/02 1:51 a.m. · 21 views

CVE-2024-4679 Folder Permission Vulnerability in JP1/Extensible SNMP Agent

Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation. This issue affects JP1/Extensible SNMP Agent for Windows: from 12-0...

CVSS 7.8 · EPSS 0.00173
Exploits: 0 · References: 1

CNNVD
added 2024/07/02 12:0 a.m. · 4 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Jul-2024 Release 1, which stems from an exception mishandling issue in Secure Folder. A physical...

CVSS 4.3 · AI score 6.6 · EPSS 0.00239
Exploits: 0 · References: 2

Positive Technologies
added 2024/07/02 12:0 a.m. · 3 views

PT-2024-18807 · Samsung · Secure Folder

Name of the Vulnerable Software and Affected Versions: Secure Folder versions prior to SMR Jul-2024 Release 1

Description: The issue arises from improper handling of exceptional conditions, allowing physical attackers to bypass authentication under certain conditions. User interaction is required...

CVSS 4.3 · AI score 7.2 · EPSS 0.00239
Exploits: 0 · References: 3

BDU FSTEC
added 2024/07/01 12:0 a.m. · 2 views

The vulnerability of the Nextcloud Notes note-taking application, which allows a hacker to access confidential information

The vulnerability of the Nextcloud Notes note-taking application lies in the ability to share the Notes folder with a new user before he enters the system. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to confidential information...

CVSS 4.6 · AI score 5.5 · EPSS 0.00312
Exploits: 0 · References: 4 · Affected Software: 2

ATTACKERKB
added 2024/06/29 5:15 a.m. · 1 views

CVE-2024-5598

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fmalocalfilesystem' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...

CVSS 7.5 · AI score 5.8 · EPSS 0.00561
Exploits: 0 · References: 4

OSV
added 2024/06/29 5:15 a.m. · 2 views

CVE-2024-5598

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fmalocalfilesystem' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...

CVSS 7.5 · AI score 5.8 · EPSS 0.00561
Exploits: 0 · References: 3

NVD
added 2024/06/29 5:15 a.m. · 17 views

CVE-2024-5598

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fmalocalfilesystem' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...

CVSS 7.5 · EPSS 0.00561
Exploits: 0 · References: 3

CVE
added 2024/06/29 4:33 a.m. · 65 views

CVE-2024-5598

CVE-2024-5598 affects the Advanced File Manager WordPress plugin (all versions up to 5.2.4). The root cause is a Sensitive Information Exposure via the fma_local_file_system pathway, enabling unauthenticated attackers to extract backups or other sensitive data if files were moved to Trash. The Wo...

CVSS 7.5 · AI score 7.6 · EPSS 0.00561
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/06/29 12:0 a.m. · 3 views

PT-2024-36632 · WordPress · Advanced File Manager

Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to, and including, 5.2.4

Description: The issue allows unauthenticated attackers to extract sensitive data, including backups or other sensitive information, if the files have been moved ...

CVSS 7.5 · AI score 7 · EPSS 0.00561
Exploits: 0 · References: 7

NVD
added 2024/06/28 12:15 p.m. · 26 views

CVE-2024-5735

Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0...

CVSS 7.5 · EPSS 0.01515
Exploits: 2 · References: 5

Vulnrichment
added 2024/06/28 11:24 a.m. · 19 views

CVE-2024-5735 Full Path Disclosure in AdmirorFrames Joomla! Extension

Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0...

CVSS 6.3 · AI score 6.8 · EPSS 0.01515
Exploits: 2 · References: 5

Cvelist
added 2024/06/28 11:24 a.m. · 42 views

CVE-2024-5735 Full Path Disclosure in AdmirorFrames Joomla! Extension

Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0...

CVSS 6.3 · EPSS 0.01515
Exploits: 2 · References: 5

OSV
added 2024/06/27 9:32 p.m. · 11 views

GHSA-9CHM-M6X2-6FVC lollms vulnerable to path traversal due to unauthenticated root folder settings change

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...

CVSS 8.6 · AI score 8.7 · EPSS 0.00644
Exploits: 0 · References: 3

GitHub Security Blog
added 2024/06/27 9:32 p.m. · 19 views

lollms vulnerable to path traversal due to unauthenticated root folder settings change

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...

CVSS 8.6 · AI score 7 · EPSS 0.00644
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2024/06/27 7:15 p.m. · 27 views

CVE-2024-6085

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...

CVSS 8.6 · EPSS 0.00644
Exploits: 0 · References: 1

Cvelist
added 2024/06/26 5:6 p.m. · 36 views

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b97b9dcb8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...

EPSS 0.00419
Exploits: 0 · References: 2

CNNVD
added 2024/06/26 12:0 a.m. · 3 views

Jenkins Plugin Plain Credentials Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application software ... A security vulnerabili...

CVSS 4.3 · AI score 6.4 · EPSS 0.00419
Exploits: 0 · References: 5

Positive Technologies
added 2024/06/25 12:0 a.m. · 2 views

PT-2024-9955 · Rockwell Automation · Rockwell Automation Factorytalk System Service

Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk System Service affected versions not specified

Description: The issue is related to the exposure of sensitive information due to the lack of explicit permissions set on the backup folder. A malicious user could...

CVSS 5.5 · AI score 6.7 · EPSS 0.00176
Exploits: 0 · References: 6