10 matches found
CVE-2026-24773
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...
CVE-2026-24773
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...
CVE-2026-24773 Open eClass Unauthenticated IDOR Allows Access to Arbitrary User Files
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...
Hack of US Surveillance Provider RemoteCOM Exposes Court Data
A massive data breach at RemoteCOM exposed 14,000 personal files and police contacts from the SCOUT software. Learn what this aggressive spyware records, and the high risks for all involved parties...
Lark Technologies: Attacker is able to join any tenant on larksuite and view personal files/chats.
A privilege escalation issue was found in Open.larksuite.com, which could have potentially allowed attackers to join any tenant, and view files and communications that are shared by team members. We thank @imrannisar for reporting this to our team and confirming the resolution...
CVE-2021-41324
Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files or Cells files belonging to any user via the nodes parameter for Copy and Move or via the Path parameter for Delete...
Directory traversal
Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files or Cells files belonging to any user via the nodes parameter for Copy and Move or via the Path parameter for Delete...
Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations
The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department MPD after negotiations with the DC Police broke down, warning that they intend to publish all data if their ransom demands are not met. "The negotiations reached a dead...
Updated wesnoth packages fix CVE-2015-0844
Updated wesnoth packages fix security vulnerability A severe security vulnerability in Battle of Wesnoth's game client was found which could allow a malicious user to obtain personal files and information from other players in networked multiplayer games using the built-in WML/Lua API on any...
Zaurus PDA FTP Server Unpassworded root Account
The remote Zaurus FTP server can be accessed as the user 'root' with no password. An attacker may use this flaw to steal or modify the content of your PDA, including but not limited to your address book, personal files, and list of appointments. C Tenable Network Security, Inc. Script audit and...