31 matches found
CVE-2026-12119
The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in all versions up to, and including, 6.3.7. This makes it possible for authenticated attackers, with contributor-level access and...
Authorization Bypass
StudioCMS is vulnerable to Improper Access Control. The vulnerability is due to missing await handling for the asynchronous isAuthorized function in the S3 storage manager, where authorization checks in the POST and PUT handlers always evaluate as successful because unresolved Promise objects are...
SAP S/4HANA 安全漏洞
SAP S/4HANA is a enterprise resource management software developed by SAP, a German company, based on the SAP HANA memory database system. There is a security vulnerability in SAP S/4HANA, which stems from the lack of authorization checks. This vulnerability may lead to the deletion of operating...
AList 路径遍历漏洞
AList is a file list program developed by Xhofe, a developer from China. Versions of AList prior to 3.57.0 had a path traversal vulnerability. This vulnerability stemmed from vulnerabilities in multiple file operation handlers, which could lead to unauthorized file operations...
CVE-2005-1657
Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to 1 deletefolder.ctml, 2 deletemessage.ctml, 3 origmessage.ctml, or 4 readmessage.ctml, the Message.Id parameter to editmessage.ctm...
EUVD-2005-1729
Malware in sbrugna...
EUVD-2005-1659
Malware in sbrugna...
EUVD-2023-47090
Malicious code in bioql PyPI...
CVE-2005-1727
Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the 1 system cache folder and 2 Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."...
CVE-2024-25660
The WebDAV service in Infinera TNMS Transcend Network Management System 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges...
CVE-2024-25660
The WebDAV service in Infinera TNMS Transcend Network Management System 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges...
CVE-2024-25660
CVE-2024-25660 concerns Infinera TNMS 19.10.3 where the WebDAV service can be abused by a low-privileged, remote attacker to perform unauthorized file operations. The root cause is the service executing with unnecessary privileges, enabling impact on confidentiality, integrity, and availability. ...
PT-2023-4416 · Eset +2 · Eset Endpoint Antivirus +12
Name of the Vulnerable Software and Affected Versions: ESET NOD32 Antivirus affected versions not specified ESET Internet Security affected versions not specified ESET Smart Security Premium affected versions not specified ESET Endpoint Antivirus affected versions not specified ESET Endpoint...
Code injection
When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine...
CVE-2021-40358
A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions V9.0 SP3 UC04, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions...
CVE-2020-14975
The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124...
Command injection
An issue was discovered in LinuxTV xawtv before 3.107. The function devopen in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to...
CVE-2017-8307
In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also...
Directory traversal
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager DSM before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. dot dot in the 1 path parameter to filedelete.cgi or 2 folderpath parameter to...
CVE-2013-0219
System Security Services Daemon SSSD before 1.9.4, when 1 creating, 2 copying, or 3 removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files...