EUVD-2020-6061

Malware in sbrugna...

CVE-2020-13850

Artica Pandora FMS 7.44 has inadequate access controls on a web folder...

GHSA-QMWF-J7G7-F5JW Cross-Site Scripting in third party library mso/idna-convert

Make sure to not expose the vendor directory to the publicly accessible document root. In composer managed installation, make sure to configure a dedicated web folder. In general it is recommended to not expose the complete typo3src sources folder in the document root...

CVE-2023-27133

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...

CVE-2022-24688

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...

CVE-2022-24688

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...

CVE-2020-13850

Artica Pandora FMS 7.44 has inadequate access controls on a web folder...

CVE-2020-13850

Artica Pandora FMS 7.44 has inadequate access controls on a web folder...

Design/Logic Flaw

Artica Pandora FMS 7.44 has inadequate access controls on a web folder...

CVE-2020-13850

Pandora FMS (Artica Pandora FMS) 7.44 contains an inadequate access control flaw in the Pandora Console web folder (CVE-2020-13850) that enables directory listing and exposure of sensitive files (e.g., logs and uploaded content) via direct URLs such as /pandora_console/*. The CoreLabs advisory do...

Directory traversal

Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...

CVE-2018-5700

Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...

CVE-2018-5700

Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...

CVE-2017-9846

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...

Directory traversal

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...

CVE-2017-9846

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...

Internet Explorer Drag and Drop Code Execution (CVE-2005-0053)

Microsoft Internet Explorer provides a number of ways to represent remote or local content. One of its more powerful features is the Web folder view. The Web folder provides easy access to files located on a web server. A vulnerability exists in the Microsoft Internet Explorer security restrictio...

Internet Explorer Drag and Drop Elevation of Privilege (MS04-038; CVE-2004-0839)

Microsoft Internet Explorer provides a number of ways to represent remote or local content. One of it's more powerful features is the Web folder view. The Web folder provides easy access to files located on a web server. A vulnerability exists in the way Internet Explorer uses the web folder view...

CVE-2005-1989

CVE-2005-1989 is part of a set of Internet Explorer flaws affecting IE 5.0/5.5/6.0 via Web Folder Behaviors Cross‑Domain Vulnerability (CAN-2005-1989) and related issues (CAN-2005-1988 JPEG Rendering; CAN-2005-1990 COM Object Instantiation). The connected records confirm a cross‑domain informatio...

Microsoft Internet Explorer Web Folder Behaviors Cross-Domain Scripting Vulnerability

Description Microsoft Internet Explorer is prone to a security vulnerability that may let a Web page execute malicious script code in the context of an arbitrary domain or browser security zone. This issue is the result of a security flaw in the browser security model when handling URIs when a We...