5046 matches found
GHSA-WF7X-FH6W-34R6 Path Traversal in Ghost
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...
CVE-2023-32235
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...
Directory traversal
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...
Dell Command | Monitor 访问控制错误漏洞
Dell Command | Monitor is a software application from Dell, Inc. Dell Command | Monitor is a software application from Dell Inc. that enables IT administrators to easily manage fleet resource inventories, monitor system performance, modify BIOS settings, and remotely collect information about...
PT-2023-21529 · Dell · Dell Command | Monitor
Name of the Vulnerable Software and Affected Versions: Dell Command Monitor versions 10.9 and prior Description: The issue is related to improper folder permissions, allowing a local authenticated malicious user to potentially exploit this vulnerability, leading to privilege escalation by writing...
CVE-2023-32235
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...
Moodle 4.1.x < 4.1.3 Arbitrary Folder Creation Vulnerability (MSA-23-0014)
Moodle is prone to an arbitrary folder creation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle";...
CVE-2023-30943
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
Path traversal
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
CVE-2023-2445
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name...
CVE-2023-2445
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name...
Improper access control
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name...
CVE-2023-2445
Summary of CVE-2023-2445 (Devolutions Server) Affected software: Devolutions Server, versions 2023.1.1 and earlier. Vulnerability: Improper access control in the Subscriptions Folder path filter. This allows attackers with administrator privileges to retrieve usage information about folders in a ...
CVE-2023-2445
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name...
CVE-2023-2445
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name...
PT-2023-19610 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2023.1.1 and earlier Description: The issue is related to improper access control in the Subscriptions Folder path filter, allowing attackers with administrator privileges to retrieve usage information on folders i...
CVE-2023-30943
CVE-2023-30943 (Moodle): Moodle 4.1.x before 4.1.3 and 4.2.x before 4.2.0 are vulnerable to unauthenticated arbitrary folder creation via TinyMCE loader path handling, which can be leveraged to perform Stored XSS and, when an admin visits the panel, arbitrary code execution on the server. Affecte...
CVE-2023-30943 Moodle: tinymce loaders susceptible to arbitrary folder creation
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
Devolutions Server 安全漏洞
Devolutions Server is an application from Devolutions Canada. provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.1.1 and prior versions that stems from improper access control. An attacker could exploit the...
GHSA-474F-MCJV-PGRM Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Concrete CMS previously concrete5 before 9.1 is vulnerable to Stored XSS in uploaded file and folder names...