CVE-2022-41417

BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under /AppData/...

Design/Logic Flaw

BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under /AppData/...

CVE-2022-34457

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and...

CVE-2022-34457

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and...

Input validation

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and...

CVE-2022-34457

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and...

CVE-2022-34457

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and...

CVE-2022-34457

Dell Command Configure (Dell Command Configure, version 4.8 and prior) is affected by an elevation of privilege vulnerability due to improper folder permissions when installed to a non-default, non-secured path. A non-admin user can modify files inside the installed directory, potentially making ...

CVE-2022-41417

BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under /AppData/...

CVE-2022-41417

BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under /AppData/...

Microsoft Windows Installer Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...

BlogEngine 输入验证错误漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and so on. BlogEngine.NET v3.3.8.0 version of a security vulnerability , the vulnerability stems from the ability to create any folder with the prefix "files" under /AppData/...

Dell Command Configure 安全漏洞

Dell Command Configure is a Dell application that provides configuration capabilities for business client platforms. Dell Command Configure version 4.8 and prior versions contain an elevation of privilege vulnerability that stems from incorrect folder permissions, which could be exploited to modi...

PT-2023-13982 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0 Description: The issue allows an attacker to create any folder with a files prefix under the /App Data/ directory. Recommendations: For BlogEngine.NET version 3.3.8.0, consider restricting access to the /App Dat...

CVE-2022-41417

BlogEngine.NET v3.3.8.0 contains a vulnerability that lets an attacker create any folder with a prefix of “files” under ~/App_Data/. The issue stems from improper validation/permissions around folder creation in BlogEngine.NET, enabling unauthorized directory creation. CVSS metrics in the primary...

PT-2023-14418 · Ge Grid Solutions · Fc46-Webbridge

Name of the Vulnerable Software and Affected Versions: FC46-WebBridge on GE Grid Solutions MS3000 devices versions prior to 3.7.6.25p0 3.2.2.17p0 4.7p0 Description: An issue was discovered that allows direct access to the API on TCP port 8888 via programs located in the cgi-bin folder without any...

GHSA-5V8V-GWMW-QW97 org.neo4j.procedure:apoc Path Traversal Vulnerability

Impact A Path Traversal Vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the expected directory. The vulnerability is such that files could only be created but not overwritten. For the...

CVE-2023-0293

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to chan...

Authorization

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to chan...

CVE-2023-0293 Mediamatic – Media Library Folders <= 2.8.1 - Missing Authorization

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to chan...