CVE-2023-48249
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users...
PT-2024-14393 · Trend Micro · Trend Micro Apex One
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (affected versions not specified). Description: The issue allows a local attacker to abuse the updater to delete an arbitrary folder, leading to a local privilege escalation on affected installations. An attacker must first...
Bosch Nexo Cordless nutrunner Security Vulnerability
Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows an authenticated, remote attacker to list arbitrary folders in all paths of the system...
CVE-2023-52202
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free. This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: from n/a through 2.8.0...
CVE-2023-52202 WordPress HTML5 MP3 Player with Folder Feedburner Plugin <= 2.8.0 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free. This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: from n/a through 2.8.0...
PT-2024-14468 · Unknown · Html5 Mp3 Player With Folder Feedburner Playlist
Name of the Vulnerable Software and Affected Versions: HTML5 MP3 Player with Folder Feedburner Playlist Free, versions through 2.8.0. Description: The issue is related to the deserialization of untrusted data, which can lead to potential security risks. There is no information provided about the...
CVE-2024-22050
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs...
iodine Path Traversal Vulnerability
Iodine is a fast and concurrent web application server for real-time Ruby applications from Bo Individual Developers. A path traversal vulnerability exists in Iodine versions prior to 0.7.33, which stems from a path traversal in the static file service, and can be exploited by a remote attacker t...
WordPress HTML5 MP3 Player with Folder Feedburner Plugin <= 2.8.0 is vulnerable to PHP Object Injection
Software: HTML5 MP3 Player with Folder Feedburner; Type: Plugin; Vulnerable versions: <= 2.8.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-52202; Patch priority: High; CVSS severity: High 9.1; PSID: 379c769eaf42; Credits: Rafie Muhammad...
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach "leverages...
CVE-2023-40204 WordPress Folders Plugin <= 2.9.2 is vulnerable to Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager. This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2...
CVE-2023-40204
CVE-2023-40204 (WordPress Folders plugin) : Unrestricted Upload of File with Dangerous Type in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager. Affected versions: plugin 2.9.2, specifically 2.9.3 or later, as cited by Patchstack. Additional context...
Cisco Secure Endpoint for Windows Scanning Evasion (cisco-sa-secure-endpoint-dos-RzOgFKnd)
A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...
Nextcloud: Can reshare read&share only folder with more permissions
The vulnerability allowed a user with read-only access to a folder to reshare that folder with additional permissions, such as read and write access. This could potentially allow the user to gain more permissions than they were originally granted...
CVE-2023-25648
There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges...
Command injection
There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges...
CVE-2023-25648 Weak Folder Permission Vulnerability in ZTE ZXCLOUD iRAI
There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges...
CVE-2023-25648
CVE-2023-25648 affects ZTE ZXCLOUD iRAI. The vulnerability is a weak folder permission issue that could let an ordinary-user attacker craft a fake DLL to run commands and escalate local privileges. The reports consistently describe local impact with high confidentiality/integrity/availability con...