5048 matches found

ATTACKERKB
added 2022/02/09 5:15 a.m. | 3 views

CVE-2022-24694

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected. Neither file names nor file contents are affected...

CVSS 4.3 | AI score 5.8 | EPSS 0.00744
Exploits: 1 | References: 3

NVD
added 2022/02/09 5:15 a.m. | 10 views

CVE-2022-24694

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected. Neither file names nor file contents are affected...

CVSS 4.3 | EPSS 0.00744
Exploits: 1 | References: 2

OSV
added 2022/02/09 5:15 a.m. | 21 views

CVE-2022-24694

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected. Neither file names nor file contents are affected...

CVSS 4.3 | AI score 6.7
Exploits: 0 | References: 2

Prion
added 2022/02/09 5:15 a.m. | 10 views

Design/Logic Flaw

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected. Neither file names nor file contents are affected...

CVSS 4 | AI score 4.6 | EPSS 0.00744
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/02/09 4:31 a.m. | 10 views

CVE-2022-24694

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected. Neither file names nor file contents are affected...

AI score 4.8 | EPSS 0.00744
Exploits: 1 | References: 2

CNNVD
added 2022/02/09 12:0 a.m. | 3 views

Tobesoft Nexacro Input Validation Error Vulnerability

Tobesoft Nexacro is a unified framework-based OSMU single-source multi-purpose application development solution from Tobesoft Corporation in South Korea. An input validation error vulnerability exists in Tobesoft nexacro, which can be exploited by an attacker to copy files to the startup folder...

CVSS 8.1 | AI score 7.4 | EPSS 0.00818
Exploits: 0 | References: 2

CNNVD
added 2022/02/09 12:0 a.m. | 3 views

Mahara Security Vulnerability

Catalyst IT Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Mahara, which stems from the fact that the name of a folder in the file area can be seen...

CVSS 4.3 | AI score 5.1 | EPSS 0.00744
Exploits: 1 | References: 3

Veracode
added 2022/02/08 6:6 a.m. | 14 views

Improper Input Validation

frourio is vulnerable to improper input validation. The vulnerability exists due to improper input validation within the class-validator function through the validators/ folder in the index.ts file, which allows an attacker to bypass security...

CVSS 8.8 | AI score 3.4 | EPSS 0.01225
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2022/02/08 12:0 a.m. | 3 views

Adobe Creative Cloud Desktop Application Code Issue Vulnerability

Adobe Creative Cloud Desktop Application is a suite of applications from Adobe for managing applications and services in the Creative Cloud Member Management Center. The application supports synchronizing and sharing files, managing fonts, and accessing a library of assets for commercial...

CVSS 7 | AI score 7.8 | EPSS 0.02165
Exploits: 0 | References: 5

OpenVAS
added 2022/02/08 12:0 a.m. | 22 views

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1602-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 7.2 | EPSS 0.01727
Exploits: 0 | References: 2

Tenable Nessus
added 2022/02/07 12:0 a.m. | 20 views

Siemens APOGEE Insight Incorrect File Permissions (CVE-2016-3155)

Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 3.6 | AI score 4.8 | EPSS 0.00313
Exploits: 0 | References: 3

Kitploit
added 2022/02/05 11:30 a.m. | 40 views

SMBSR - Lookup For Interesting Stuff In SMB Shares

Well, SMBSR is a Python script which, given a CIDR/IP/IPfile/HOSTNAMEs, enumerates all the SMB services listening on 445 among the targets and tries to authenticate against them; if the authentication succeeds, then all the folders and subfolders are visited recursively in order to find secrets in files...

AI score 7.7
Exploits: 0 | References: 2

OSV
added 2022/02/04 11:15 p.m. | 4 views

CVE-2022-22987

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...

CVSS 9.8 | AI score 5.8 | EPSS 0.01192
Exploits: 0 | References: 1

Prion
added 2022/02/04 11:15 p.m. | 19 views

Hardcoded credentials

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...

CVSS 7.5 | AI score 9.3 | EPSS 0.01192
Exploits: 0 | References: 1 | Affected Software: 1

GithubExploit
added 2022/02/04 6:33 a.m. | 477 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

pwnKit About: Title: pwnKit Description: Privilege esc...

CVSS 7.8 | AI score 7.7 | EPSS 0.94921
Exploits: 151

OSV
added 2022/02/01 1:15 p.m. | 2 views

CVE-2021-24919

The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folderid parameter before using it in a SQL statement in the wickedfolderssavesortorder AJAX action, available to any authenticated user, leading to an SQL injection...

CVSS 8.8 | AI score 5.8 | EPSS 0.01493
Exploits: 2 | References: 2

Veracode
added 2022/01/19 11:5 a.m. | 12 views

Path Traversal

onionsharecli is vulnerable to path traversal. The vulnerability exists in the common.py as it does not properly validate the access permissions, which allows an attacker to access sensitive information in the user's home folder...

CVSS 6.5 | AI score 4.4 | EPSS 0.01129
Exploits: 0 | References: 4 | Affected Software: 2

Prion
added 2022/01/18 10:15 p.m. | 8 views

Design/Logic Flaw

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive...

CVSS 4 | AI score 6.3 | EPSS 0.01129
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2022/01/18 10:3 p.m. | 26 views

CVE-2022-21693

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive...

CVSS 6.5 | AI score 6.4 | EPSS 0.01129
Exploits: 0

OSV
added 2022/01/18 10:3 p.m. | 36 views

CVE-2022-21693 Path traversal in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive...

CVSS 6.3 | AI score 6.3 | EPSS 0.01129
Exploits: 0 | References: 4