Lucene search

5045 matches found

OSV
added 2024/02/05 10:16 p.m. · 2 views

CVE-2024-0691

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to...

CVSS 4.8 · AI score 7.4 · EPSS 0.00404
Exploits 0 · References 2

Vulnrichment
added 2024/02/05 9:21 p.m. · 12 views

CVE-2024-0691 FileBird <= 5.6.0 - Authenticated(Administrator+) Stored Cross-Site Scripting via Folder Import

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to...

CVSS 5.5 · AI score 6.8 · EPSS 0.00404
Exploits 0 · References 2

GithubExploit
added 2024/01/26 9:35 a.m. · 345 views

Exploit for CVE-2023-47400

CVE-2023-47400 Proof of Concept for the CVE-2023-47400 Aut...

AI score 8.9
Exploits 1

OSV
added 2024/01/25 4:15 p.m. · 4 views

CVE-2023-3181

The C:\Program Files x86\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Tempnsu.tmp and copies itself to it as Au.exe. The C:\Windows\Tempnsu.tmp\Au.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI...

CVSS 7.8 · AI score 5.5
Exploits 0 · References 1

OSV
added 2024/01/23 9:15 p.m. · 1 view

CVE-2023-52094

An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading to a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute...

CVSS 7.8 · AI score 6 · EPSS 0.00311
Exploits 0 · References 2

Prion
added 2024/01/23 9:15 p.m. · 14 views

Design/Logic Flaw

An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading to a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute...

CVSS 4.3 · AI score 7.6 · EPSS 0.00311
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/01/23 8:40 p.m. · 12 views

CVE-2023-52094

An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading to a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute...

AI score 8 · EPSS 0.00311
Exploits 0 · References 2

OSV
added 2024/01/22 3:15 a.m. · 4 views

CVE-2024-23768

Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders and the files and datasets in these folders can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1

Positive Technologies
added 2024/01/21 12:00 a.m. · 3 views

PT-2024-20071 · Dremio · Dremio

Name of the Vulnerable Software and Affected Versions: Dremio versions 22.0.0 through 22.2.2; Dremio versions 23.0.0 through 23.2.3; Dremio versions 24.0.0 through 24.3.0.
Description: The issue allows an authenticated user with no privileges on certain folders to access these folders, files, and...

CVSS 8.8 · AI score 7.1 · EPSS 0.00643
Exploits 0 · References 6

Positive Technologies
added 2024/01/19 12:00 a.m. · 3 views

PT-2024-15775 · Unknown · Miczflor Rpi-Jukebox-Rfid

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.5.0.
Description: A critical issue affects some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc...

CVSS 9.8 · AI score 7.1 · EPSS 0.01616
Exploits 0 · References 7

CNNVD
added 2024/01/18 12:00 a.m. · 4 views

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud files Zip 1.2.0 and later, which originates from an attacker being able to download view-only files by...

CVSS 4.3 · AI score 6.8 · EPSS 0.00517
Exploits 0 · References 4

OSV
added 2024/01/11 4:15 p.m. · 20 views

CVE-2023-6554

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...

CVSS 6.5 · AI score 6.6 · EPSS 0.00581
Exploits 0 · References 3

NVD
added 2024/01/11 4:15 p.m. · 14 views

CVE-2023-6554

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...

CVSS 6.5 · AI score 6.4 · EPSS 0.00581
Exploits 0 · References 3

Vulnrichment
added 2024/01/11 3:17 p.m. · 3 views

CVE-2023-6554 Missing authorisation in TCExam

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...

AI score 6.3 · EPSS 0.00581
Exploits 0 · References 3

CVE
added 2024/01/11 3:17 p.m. · 45 views

CVE-2023-6554

CVE-2023-6554 affects Tecnick TCExam (admin folder). The root cause is insufficient external authorization protection in the admin directory, allowing any user to download protected information such as exam answers when access is not gated by mechanisms like Apache Basic Auth. Impact is confident...

CVSS 6.5 · AI score 6.3 · EPSS 0.00581
Exploits 0 · References 3 · Affected Software 1

CVE
added 2024/01/11 8:33 a.m. · 111 views

CVE-2023-5504

Summary (CVE-2023-5504) The BackWPup WordPress backup plugin is affected by a directory traversal vulnerability in versions up to and including 4.0.1, exploitable via the Log File Folder. The underlying issue allows an authenticated attacker with plugin access to store backups in arbitrary server...

CVSS 8.7 · AI score 8.4 · EPSS 0.00926
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2024/01/11 12:00 a.m. · 3 views

Tecnick TCExam Security Breach

Tecnick TCExam is a Web-based open source e-exam system from Tecnick UK. The system is mainly used for online exams, etc. A security vulnerability exists in Tecnick TCExam versions prior to 15.1.0, which stems from an insufficiently protected external authorization mechanism in the admin folder...

CVSS 6.5 · AI score 6.7 · EPSS 0.00581
Exploits 0 · References 4

CNNVD
added 2024/01/11 12:00 a.m. · 2 views

WordPress Plugin BackWPup Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 8.7 · AI score 6.8 · EPSS 0.00926
Exploits 1 · References 4

Positive Technologies
added 2024/01/11 12:00 a.m. · 3 views

PT-2024-15003 · Tecnick.Com +3 · Tcexam

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified.
Description: The issue arises when access to the "admin" folder is not protected by external authorization mechanisms, such as Apache Basic Auth. This allows any user to download protected information,...

CVSS 6.5 · AI score 6.3 · EPSS 0.00581
Exploits 0 · References 9

Vulnrichment
added 2024/01/10 10:42 a.m. · 2 views

CVE-2023-48249

The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users...

CVSS 6.5 · AI score 7 · EPSS 0.00778
Exploits 0 · References 1