
5048 matches found

Veracode
added 2021/11/11 8:49 a.m., 22 views

Directory Traversal

github.com/cloudflare/cfrpki is vulnerable to directory traversal. The vulnerability exists due to a lack of sanitization of the URI filename, allowing an attacker to create a file on the disk outside the base cache folder...

9.8 CVSS, 4.3 AI score, 0.04065 EPSS
Exploits 0, References 5, Affected Software 2

OSV
added 2021/11/10 9:15 a.m., 2 views

CVE-2021-31853

DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption MDE prior to 7.3.0 HF2 7.3.0.183 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder...

7.8 CVSS, 6.1 AI score, 0.00191 EPSS
Exploits 0, References 1

Prion
added 2021/11/10 9:15 a.m., 26 views

Spoofing

DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption MDE prior to 7.3.0 HF2 7.3.0.183 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder...

4.6 CVSS, 7.8 AI score, 0.00191 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/11/10 9:00 a.m., 16 views

CVE-2021-31853 MDE DLL Search Order Hijacking vulnerability

DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption MDE prior to 7.3.0 HF2 7.3.0.183 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder...

7.8 CVSS, 8.1 AI score, 0.00191 EPSS
Exploits 0, References 1

OSV
added 2021/11/09 12:15 p.m., 4 views

CVE-2021-37207

A vulnerability has been identified in SENTRON powermanager V3 All versions. The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges...

7.8 CVSS, 7.2 AI score, 0.0021 EPSS
Exploits 0, References 1

CNNVD
added 2021/11/09 12:00 a.m., 2 views

Siemens Sentron Powermanager security vulnerability

Siemens Sentron Powermanager is a power management software from Siemens, a German company. A local code execution vulnerability exists in Siemens Sentron Powermanager, which stems from an affected application assigning incorrect access rights to a specific folder containing configuration files. ...

7.8 CVSS, 6.3 AI score, 0.0021 EPSS
Exploits 0, References 4

WPVulnDB
added 2021/11/08 12:00 a.m., 11 views

Backup and Restore <= 1.0.3 - Admin+ Arbitrary File Deletion

The plugin does not sanitise and validate the foldername parameter when deleting a report, which could allow high privilege users to delete arbitrary files on the web server, including those outside of the WordPress folder PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language:...

6.8 AI score
Exploits 0, References 1, Affected Software 1

OSV
added 2021/11/05 3:15 a.m., 2 views

CVE-2021-25507

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization...

5.7 CVSS, 5.8 AI score
Exploits 0, References 1

NVD
added 2021/11/05 3:15 a.m., 12 views

CVE-2021-25507

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization...

5.7 CVSS, 0.00286 EPSS
Exploits 0, References 1

Prion
added 2021/11/05 3:15 a.m., 22 views

Authorization

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization...

2.7 CVSS, 5.5 AI score, 0.00286 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2021/11/05 2:04 a.m., 56 views

CVE-2021-25507

CVE-2021-25507 describes an improper authorization vulnerability in the Samsung Flow mobile app before version 4.8.03.5. The issue enables a Samsung Flow PC application connected to the user device to access part of notification data housed in Secure Folder without authorization. The available re...

5.7 CVSS, 5.5 AI score, 0.00286 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/11/05 2:04 a.m., 17 views

CVE-2021-25507

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization...

5.7 CVSS, 5.7 AI score, 0.00286 EPSS
Exploits 0, References 1

CNNVD
added 2021/11/05 12:00 a.m., 4 views

SAMSUNG Flow security vulnerability

SAMSUNG Flow is a software product from Samsung South Korea. It is used to enable a seamless, secure, and connected experience on devices. A security vulnerability exists in the SAMSUNG Flow mobile application prior to version 4.8.03.5, which can be exploited by an attacker to gain unauthorized...

5.7 CVSS, 6 AI score, 0.00286 EPSS
Exploits 0, References 2

CNNVD
added 2021/11/05 12:00 a.m., 4 views

Samsung Flow input validation error vulnerability

Samsung Flow is a software product from Samsung South Korea. It is used to enable a seamless, secure, and connected experience on devices. A security vulnerability exists in the Samsung Flow Windows application prior to version 4.8.5.0, which stems from a lack of input validation in the...

7.1 CVSS, 7.1 AI score, 0.0022 EPSS
Exploits 0, References 2

CNVD
added 2021/11/02 12:00 a.m., 9 views

baijiacms path traversal vulnerability

baijiacms is a content management system CMS for e-commerce. baijiacms is vulnerable to a path traversal vulnerability, which stems from a directory traversal vulnerability found in database.php, which allows an attacker to delete a folder on any server with the id parameter...

6.5 CVSS, 5.1 AI score, 0.01133 EPSS
Exploits 1, References 1

OpenVAS
added 2021/10/30 12:00 a.m., 21 views

Fedora: Security Advisory for libzapojit (FEDORA-2021-77ce69dba6)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.9 CVSS, 6.1 AI score, 0.00831 EPSS
Exploits 0, References 2

Prion
added 2021/10/29 8:15 p.m., 14 views

Directory traversal

A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter...

4 CVSS, 6.4 AI score, 0.01133 EPSS
Exploits 1, References 1, Affected Software 1

CNNVD
added 2021/10/29 12:00 a.m., 4 views

baijiacms path traversal vulnerability

baijiacms is a content management system CMS for e-commerce. baijiacms is vulnerable to a path traversal vulnerability, which stems from a directory traversal vulnerability found in database.php, which allows an attacker to delete a folder on any server with the id parameter...

6.5 CVSS, 5.5 AI score, 0.01133 EPSS
Exploits 1, References 2

CNVD
added 2021/10/28 12:00 a.m., 13 views

Folder Lock Cross-Site Scripting Vulnerability

Folder Lock is a perfect data security application from NewSoftwares, Inc. Folder Lock is vulnerable to a cross-site scripting vulnerability in v3.4.5, which stems from the "Create Folder" function under the "Create" module lacking a data validation filter for user-supplied data and output. An...

5.4 CVSS, 1.9 AI score, 0.00562 EPSS
Exploits 1, References 1

Tenable Nessus
added 2021/10/27 12:00 a.m., 62 views

SolarWinds DameWare Mini Remote Control < 12.2 Arbitrary File Deletion

An arbitrary file deletion vulnerability exists in Dameware Mini Remote Control Service due to insecure folder permissions. An unauthenticated, remote attacker can exploit this by initiating a repair via the windows installer, to delete arbitrary files. Note that Nessus has not tested for this...

9.4 CVSS, 8.6 AI score, 0.03803 EPSS
Exploits 0, References 2