5048 matches found
GHSA-QFHW-FV3G-V836 Plone has stored XSS in folder contents
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...
GHSA-G2X4-256V-5PVX Codiad Cross-site Scripting Vulnerability
A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by co...
GHSA-592M-4533-RXQ9 SilverStripe Folders migrated from 3.x may be unsafe to upload to
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...
Clamscan vulnerable to command injection
clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the isclamavbinary function located within Index.js. It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that wil...
GHSA-PQX8-Q35P-PGCV TeamPass Stored Cross-site Scripting
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder...
Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF
Due to missing checks the plugin is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this. PoC...
CVE-2022-29163 Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...
CVE-2022-30990
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 Linux before build 29240, Acronis Agent Linux before build 28037...
CVE-2022-30990
CVE-2022-30990 involves an information-disclosure vulnerability caused by insecure folder permissions in Acronis Cyber Protect 15 (Linux) before build 29240 and Acronis Agent (Linux) before build 28037. The issue’s root cause is improper access control on directories leading to exposure of sensit...
CVE-2022-30990 Sensitive information disclosure due to insecure folder permissions
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 Linux before build 29240, Acronis Agent Linux before build 28037...
CVE-2022-28955
An access control issue in D-Link DIR816LFW206b01 allows unauthenticated attackers to access folders folderview.php and categoryview.php...
D-Link DIR816 Authorization Issue Vulnerability
The D-Link DIR816 is a wireless router from AUO D-Link of Taiwan, China. The D-Link DIR816L suffers from an Access Control Error vulnerability that stems from improper access control. An unauthenticated attacker could use this vulnerability to gain access to the folders folderview.php and...
PT-2022-20438 · Acronis · Acronis Agent +2
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 15 Linux versions before build 29240; Acronis Agent Linux versions before build 28037. Description: The issue is related to sensitive information disclosure due to insecure folder permissions. Recommendations: For Acronis...
Mayan EDMS multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title fie...
CVE-2022-30697
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy Windows before build 3640...