5046 matches found
CVE-2022-2791
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC...
IBM i Code Issue Vulnerability
IBM i is a suite of operating systems from International Business Machines (IBM) running on IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i Access Family versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0, which stems from a vulnerability that could allow a...
PT-2022-25506 · Ibm · Ibm I Access Family
Name of the Vulnerable Software and Affected Versions: IBM i Access Family versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0. Description: The issue allows a local authenticated attacker to execute arbitrary code on the system due to a DLL search order hijacking vulnerability. An attacker...
CVE-2022-42733
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). The syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s...
CVE-2022-42891
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). The syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written to any folder accessible to the account assigned to the website’s application...
Improper access control
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). The syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written to any folder accessible to the account assigned to the website’s application...
Siemens syngo Dynamics Security Vulnerability
Siemens syngo Dynamics is a cardiovascular imaging and information solution from Siemens, a German company. Designed to be a centralized digital hub for complete cardiovascular services, Siemens syngo Dynamics suffers...
PT-2022-27520 · Acronis · Acronis Agent +2
Name of the Vulnerable Software and Affected Versions: Acronis Agent Windows versions before build 30161; Acronis Cyber Protect 15 Windows versions before build 30984. Description: The issue is related to sensitive information disclosure due to insecure folder permissions. Recommendations: For...
PT-2022-26525 · Siemens · Syngo Dynamics
Name of the Vulnerable Software and Affected Versions: syngo Dynamics versions prior to VA40G HF01. Description: A vulnerability has been identified in the syngo Dynamics application server, which hosts a web service using an operation with improper write access control. This could allow writing...
PT-2022-6627 · Acronis · Acronis Agent +2
Name of the Vulnerable Software and Affected Versions: Acronis Agent versions before build 30430; Acronis Cyber Protect 15 versions before build 30984. Description: The issue is related to local privilege escalation due to insecure folder permissions. This can allow an attacker to elevate their...
PostmagThemes Demo < 1.0.8 - Admin+ Arbitrary File Upload
The plugin does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE. 1. Go to Appearance » Import Demo Data » Manual demo files upload » Run "Choose a JSON file for customizer import" and import a PHP file. 2. Click Impo...
CVE-2022-34824
Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attack...
CVE-2022-34824
CVE-2022-34824 affects CLUSTERPRO X (v5.0 and earlier), EXPRESSCLUSTER X (v5.0 and earlier), CLUSTERPRO X SingleServerSafe (v5.0 and earlier), and EXPRESSCLUSTER X SingleServerSafe (v5.0 and earlier). The root cause is weak file and folder permissions, enabling a remote unauthenticated attacker t...
CVE-2022-44746
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office Windows before build 40107...
Information disclosure
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office Windows before build 40107...
CVE-2022-44732
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office Windows before build 39900...
CVE-2022-44733
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office Windows before build 39900...
Privilege escalation
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office Windows before build 39900...