CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently...

9.8CVSS0.01621EPSS

Exploits0References2

CVE•added 2024/10/14 3:23 a.m.•53 views

CVE-2024-9924

CVE-2024-9924 describes an Arbitrary File Read and Delete vulnerability in HGiga OAKlouds. An unauthenticated remote attacker can request specific files and download arbitrary system files, with reports indicating the files may be deleted after download. The issue is connected to CVE-2024-26261, ...

9.8CVSS9.6AI score0.01621EPSS

Exploits0References2

Cvelist•added 2024/10/14 3:23 a.m.•19 views

CVE-2024-9924 Hgiga OAKlouds - Arbitrary File Read And Delete

9.8CVSS0.01621EPSS

Exploits0References2

Vulnrichment•added 2024/10/14 3:23 a.m.•14 views

CVE-2024-9924 Hgiga OAKlouds - Arbitrary File Read And Delete

9.8CVSS7.1AI score0.01621EPSS

Exploits0References2

CNNVD•added 2024/10/14 12:0 a.m.•1 views

Hgiga OAKlouds 安全漏洞

HGiga OAKlouds is an enterprise collaborative work portal network of China Henderson Technology HGiga Company. It is used for just-in-time communication and resource reservation. HGiga OAKlouds suffers from a security vulnerability that originates from the fact that an unauthorized remote attacke...

9.8CVSS7AI score0.01621EPSS

Exploits0References3

OSV•added 2024/02/15 3:15 a.m.•0 views

CVE-2024-26261

The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being download...

9.8CVSS5.7AI score

Exploits0References2

NVD•added 2024/02/15 3:15 a.m.•10 views

CVE-2024-26260

The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission...

9.8CVSS10AI score0.02746EPSS

Exploits0References2

OSV•added 2024/02/15 3:15 a.m.•0 views

CVE-2024-26260

9.8CVSS6.1AI score0.02746EPSS

Exploits0References2

Prion•added 2024/02/15 3:15 a.m.•15 views

Command injection

7.5CVSS8.4AI score0.02746EPSS

Exploits0References1

Prion•added 2024/02/15 3:15 a.m.•11 views

Design/Logic Flaw

7.5CVSS7.2AI score0.00253EPSS

Exploits0References1

CVE•added 2024/02/15 2:29 a.m.•54 views

CVE-2024-26261

CVE-2024-26261 affects HGiga OAKlouds where certain modules expose an Arbitrary File Read and Delete via path parameters, enabling attackers to download files without authentication and subsequently delete them. The vulnerability stems from a path traversal/unsafe file access flaw in the file-dow...

9.8CVSS9.4AI score0.00253EPSS

Exploits0References2Affected Software4

Vulnrichment•added 2024/02/15 2:29 a.m.•20 views

CVE-2024-26261 Hgiga OAKlouds - Arbitrary File Read And Delete

9.8CVSS6.9AI score0.00253EPSS

Exploits0References2

CVE•added 2024/02/15 2:18 a.m.•73 views

CVE-2024-26260

HGiga OAKlouds is affected by an OS command injection in the synchronization function of certain modules, enabling remote command execution via specific request parameters. Root cause is input/sanitization in those parameters leading to arbitrary code execution on the server; CVSS v3.1 base score...

9.8CVSS10AI score0.02746EPSS

Exploits0References2Affected Software4

Cvelist•added 2024/02/15 2:18 a.m.•20 views

CVE-2024-26260 Hgiga OAKlouds - Command Injection

9.8CVSS10AI score0.02746EPSS

Exploits0References2

Vulnrichment•added 2024/02/15 2:18 a.m.•25 views

CVE-2024-26260 Hgiga OAKlouds - Command Injection

9.8CVSS8.2AI score0.02746EPSS

Exploits0References2

Rows per page