8 matches found
CVE-2026-34413 Xerte Online Toolkits Missing Authentication via connector.php
Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...
PT-2026-32039
Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.0-beta.4 Description goshs, a SimpleHTTPServer written in Go, had an authorization bypass. Prior to version 2.0.0-beta.4, the software enforced ACL/basic-auth mechanisms for directory listings and file reads, but di...
CVE-2025-52551
E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system...
CVE-2025-52551 Proprietary protocol allows for unauthenticated file operations
E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system...
CVE-2025-52551 Proprietary protocol allows for unauthenticated file operations
E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system...
PT-2025-35560
Name of the Vulnerable Software and Affected Versions: E2 Facility Management Systems affected versions not specified Description: E2 Facility Management Systems utilizes a proprietary protocol that permits unauthenticated file operations on any file within the file system. Recommendations: At th...
CVE-2024-28064
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations with displayLoginChunkedImages and write operations with storeLoginChunkedImages...
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD
Summary Scadaflex II controllers are 100% web based for both configuration and user interface. No applications are required other than any standard web browser. They are easily supported by remote access over the Internet or a cellular link. Scadaflex II controllers support industry standard wire...