EUVD-2020-6061

Malware in sbrugna...

CVE-2020-13850

Artica Pandora FMS 7.44 has inadequate access controls on a web folder...

GHSA-QMWF-J7G7-F5JW Cross-Site Scripting in third party library mso/idna-convert

Make sure to not expose the vendor directory to the publicly accessible document root. In composer managed installation, make sure to configure a dedicated web folder. In general it is recommended to not expose the complete typo3src sources folder in the document root...

CVE-2023-27133

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...

CVE-2022-24688

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...

CVE-2022-24688

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...

CVE-2020-13850

Artica Pandora FMS 7.44 has inadequate access controls on a web folder...

CVE-2020-13850

Artica Pandora FMS 7.44 has inadequate access controls on a web folder...

Design/Logic Flaw

Artica Pandora FMS 7.44 has inadequate access controls on a web folder...

CVE-2020-13850

Pandora FMS (Artica Pandora FMS) 7.44 contains an inadequate access control flaw in the Pandora Console web folder (CVE-2020-13850) that enables directory listing and exposure of sensitive files (e.g., logs and uploaded content) via direct URLs such as /pandora_console/*. The CoreLabs advisory do...

Directory traversal

Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...

CVE-2018-5700

Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...

CVE-2018-5700

Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...

CVE-2017-9846

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...

Directory traversal

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...

CVE-2017-9846

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php movefolderfile call to move a .php file from the FTP folder into a web folder...

Internet Explorer Drag and Drop Code Execution (CVE-2005-0053)

Microsoft Internet Explorer provides a number of ways to represent remote or local content. One of its more powerful features is the Web folder view. The Web folder provides easy access to files located on a web server. A vulnerability exists in the Microsoft Internet Explorer security restrictio...

Internet Explorer Drag and Drop Elevation of Privilege (MS04-038; CVE-2004-0839)

Microsoft Internet Explorer provides a number of ways to represent remote or local content. One of it's more powerful features is the Web folder view. The Web folder provides easy access to files located on a web server. A vulnerability exists in the way Internet Explorer uses the web folder view...

CVE-2005-1989

CVE-2005-1989 is part of a set of Internet Explorer flaws affecting IE 5.0/5.5/6.0 via Web Folder Behaviors Cross‑Domain Vulnerability (CAN-2005-1989) and related issues (CAN-2005-1988 JPEG Rendering; CAN-2005-1990 COM Object Instantiation). The connected records confirm a cross‑domain informatio...

MS05-038: Cumulative Security Update for Internet Explorer (896727)

The remote host contains a version of the Internet Explorer that is vulnerable to multiple security flaws JPEG Rendering, Web Folder, COM Object that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web pag...