
5046 matches found

ATTACKERKB
added 2023/04/28 2:15 p.m. · 3 views

CVE-2023-28819

Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names...

5.4 CVSS · 5.9 AI score · 0.0064 EPSS
Exploits 0 · References 4
OSV
added 2023/04/28 2:15 p.m. · 15 views

CVE-2023-28819

Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names...

5.4 CVSS · 5.9 AI score
Exploits 0 · References 3
Prion
added 2023/04/28 1:15 p.m. · 18 views

Code injection

On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are set up in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the...

4.3 CVSS · 7.8 AI score · 0.00271 EPSS
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2023/04/28 12:0 a.m. · 5 views

Sage Group Sage 300 Security Vulnerability

Sage Group Sage 300 is a well-established closed-source Enterprise Resource Planning (ERP) solution from Sage Group (UK) designed to facilitate business management. A security vulnerability exists in Sage Group Sage 300 versions 2017 through 2022 (6.4.x - 6.9.x) that stems from a low-privileged Sage 30...

7.8 CVSS · 7.3 AI score · 0.00271 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/04/28 12:0 a.m. · 3 views

PT-2023-21987 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS (previously concrete5) versions 8.5.12 and below; Concrete CMS (previously concrete5) versions 9.0.0 through 9.0.2. Description: The issue is related to Stored XSS in uploaded file and folder names. Recommendations: For Concrete CMS...

5.4 CVSS · 5.1 AI score · 0.0064 EPSS
Exploits 0 · References 11
Positive Technologies
added 2023/04/27 12:0 a.m. · 3 views

PT-2023-2595 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.6.0 Description: The issue is related to errors in handling symbolic links within the settings.DataFolder variable in the Docker Desktop for Windows platform. This can allow a remote attacker to gain read,...

7.1 CVSS · 7.1 AI score · 0.00332 EPSS
Exploits 0 · References 11
OSV
added 2023/04/25 6:15 p.m. · 7 views

CVE-2023-23838

Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server...

6.5 CVSS · 6.6 AI score · 0.01272 EPSS
Exploits 0 · References 2
CNNVD
added 2023/04/25 12:0 a.m. · 23 views

SolarWinds Database Performance Analyzer Path Traversal Vulnerability

SolarWinds Database Performance Analyzer is a set of database performance analyzers from SolarWinds Inc. in the United States. The product is used for SQL query performance monitoring, analysis and tuning, etc. A security vulnerability exists in SolarWinds Database Performance Analyzer version...

6.5 CVSS · 6.8 AI score · 0.01272 EPSS
Exploits 0 · References 4
Huntr
added 2023/04/23 10:21 p.m. · 19 views

Stored XSS on items in Folder

Description: First create two user accounts and grant them permission to access the same folder. In one of the accounts, generate a new item within the folder. Paste the XSS payload into this field, then save the item. Once saved, click on the item to activate an XSS alert. To confirm the success of...

4.9 CVSS · 6.2 AI score · 0.00612 EPSS
Exploits 1
Cvelist
added 2023/04/20 6:59 a.m. · 15 views

CVE-2023-28047

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges...

7.3 CVSS · 8 AI score · 0.00166 EPSS
Exploits 0 · References 1
OSV
added 2023/04/19 3:15 p.m. · 2 views

CVE-2023-29586

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can...

5.5 CVSS · 5.9 AI score · 0.00317 EPSS
Exploits 0 · References 4
CNNVD
added 2023/04/19 12:0 a.m. · 3 views

Code Sector TeraCopy Security Vulnerability

Code Sector TeraCopy is Code Sector's free file transfer program designed to replace the built-in Windows Explorer file transfer feature. A security vulnerability exists in Code Sector TeraCopy version 3.9.7, which originates from the fact that proper access validation is not performed on the...

5.5 CVSS · 6.8 AI score · 0.00317 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/04/19 12:0 a.m. · 4 views

PT-2023-22325 · Codesector · Teracopy

Name of the Vulnerable Software and Affected Versions: Code Sector TeraCopy version 3.9.7 Description: The issue arises from improper access validation on the source folder during a copy operation, leading to Arbitrary File Read. This allows any user to copy any directory in the system to a...

5.5 CVSS · 6.8 AI score · 0.00317 EPSS
Exploits 0 · References 8
Positive Technologies
added 2023/04/19 12:0 a.m. · 6 views

PT-2023-4763 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions 4.1.x through 4.1.2 Moodle versions 4.2.x through 4.1.9 is not correct, the correct is: Moodle versions 4.2.x before 4.2.0 Description: The issue exists because the application allows a user to control the path of the folder t...

6.5 CVSS · 7.9 AI score · 0.06583 EPSS
Exploits 3 · References 43
Citrix
added 2023/04/18 12:0 a.m. · 6 views

App Layering "The permissions on [foldername] are incorrectly ordered.."

When attempting to adjust permissions on a folder in a compiled layered image - the following message is seen "The permissions on foldername are incorrectly ordered, which may cause some entries to be ineffective"...

7 AI score
Exploits 0
Positive Technologies
added 2023/04/17 12:0 a.m. · 3 views

PT-2023-16975 · 10Web · The Photo Gallery

Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web WordPress plugin versions prior to 1.8.15 Description: The issue allows high privilege users to upload files outside of the intended uploads folder due to a path traversal vector, potentially enabling them to place...

4.9 CVSS · 4.8 AI score · 0.00783 EPSS
Exploits 2 · References 6
Exploit DB
added 2023/04/14 12:0 a.m. · 503 views

InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal

Exploit Title: InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal Date: 11/04/2023 Exploit Author: Zer0FauLT Vendor Homepage: innovastudio.com Product: Asset Manager Version: = Asset Manager ASP Version 5.4 Tested on: Windows 10 and Windows...

7 AI score
Exploits 0
OSV
added 2023/04/13 12:30 p.m. · 16 views

GHSA-4H2Q-84W7-4MHX nilsteampassnet/teampass vulnerable to stored cross-site scripting (XSS)

nilsteampassnet/teampass prior to 3.0.3 is vulnerable to stored cross-site scripting (XSS) in the description parameter of a folder...

5.8 CVSS · 5.1 AI score · 0.00363 EPSS
Exploits 1 · References 4
Positive Technologies
added 2023/04/13 12:0 a.m. · 2 views

PT-2023-17414 · Teampass · Teampass

Name of the Vulnerable Software and Affected Versions: teampass versions prior to 3.0.3. Description: The issue is related to stored Cross-site Scripting (XSS) in the GitHub repository nilsteampassnet/teampass. Specifically, the description parameter of a folder is vulnerable. This allows an attacke...

5.8 CVSS · 5.2 AI score · 0.00363 EPSS
Exploits 1 · References 11
OSV
added 2023/04/12 10:56 a.m. · 7 views

OPENSUSE-SU-2023:0090-1 Security update for nextcloud-desktop

This update for nextcloud-desktop fixes the following issues: nextcloud-desktop was updated to 3.8.0: - Resize WebView widget once the loginpage rendered - Feature/secure file drop - Check German translation for wrong wording - L10n: Correct word - Fix displaying of file details button for local...

6.1 CVSS · 6.1 AI score · 0.00884 EPSS
Exploits 4 · References 12