Lucene search
K

4 matches found

Packet Storm
Packet Storm
added 2024/10/25 12:0 a.m.461 views

Lawo AG vsm LTC Time Sync Path Traversal

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated Path Traversal Vulnerability product: Lawo AG - vsm LTC Time Sync vTimeSync vulnerable version: 4.5.6.0 fixed version: 4.5.6.0 CVE number: CVE-2024-6049...

7.5CVSS7.1AI score0.04325EPSS
Exploits1
NVD
NVD
added 2024/10/24 8:15 a.m.37 views

CVE-2024-6049

The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...

7.5CVSS0.04325EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/10/24 7:47 a.m.15 views

CVE-2024-6049 Unauthenticated Path Traversal

The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...

7.3AI score0.04325EPSS
Exploits1References2
CVE
CVE
added 2024/10/24 7:47 a.m.73 views

CVE-2024-6049

The CVE-2024-6049 issue affects Lawo AG vsm LTC Time Sync (vTimeSync) Web server. A triple-dot path traversal vulnerability allows unauthenticated attackers to download arbitrary OS files via crafted HTTP requests, with exploitation possible only when a file extension is requested (e.g., .exe, .t...

7.5CVSS7.7AI score0.04325EPSS
Exploits1References3
Rows per page
Query Builder