1368 matches found
BIT-SUITECRM-2020-28328
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, loggerfilename can refer to an attacker-controlled .php file under the web root...
Apache OFBiz Code Issue Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a suite of Java-based web application components and tools. A code issue vulnerability exists in Apache OFBiz versions prior to 18.12.12. An attacker could exploit...
Apache OFBiz Security Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a complete set of Java-based web application components and tools. A security vulnerability exists in Apache OFBiz versions prior to 18.12.12. An attacker could...
Backstage Security Vulnerabilities
Backstage is a software application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage backend-common, which stems from insufficiently detailed path checking using "resolveSafeChildPath". The vulnerability can be exploited to access files a...
Directory traversal
TYPO3 is an open source PHP-based web content management system released under the GNU GPL. In affected versions of TYPO3, entities of the File Abstraction Layer (FAL) could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve...
Sharp JH-RV11 Security Vulnerability
Sharp JH-RV11 is an energy management controller for cloud services from Sharp Japan. A security vulnerability exists in Sharp JH-RV11 Ver.B0.1.9.1 and earlier versions. An attacker could exploit the vulnerability to access files and directories stored outside of the web root folder...
CPIO Security Vulnerabilities
cpio is a file backup program for UNIX-like systems. A security vulnerability exists in CPIO. An attacker could exploit the vulnerability to access files and directories stored outside of the web root folder...
Exploit for CVE-2023-47400
CVE-2023-47400 Proof of Concept for the CVE-2023-47400 Aut...
Biges Safe Life Technologies Electronics VGuard Security Breach
Biges Safe Life Technologies Electronics VGuard is a CCTV monitoring solution from Biges Safe Life Technologies Electronics. A security vulnerability exists in versions prior to Biges Safe Life Technologies Electronics VGuard V500.0003.R008.4011.C0012.B351. An attacker could exploit the...
Mattermost Injection Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from an inability to validate the route parameter in //channels/. An attacker exploiting this vulnerability could access files and directorie...
BVRP Software Avanquest Software SLmail Path Traversal Vulnerability
BVRP Software Avanquest Software SLmail is an email server solution from BVRP Software, France. A path traversal vulnerability exists in BVRP Software Avanquest Software SLmail version 5.5.0.4433. An attacker could use this vulnerability to access files and directories stored...
CVE-2023-38880
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup.sql" e.g...
Improper access control
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup.sql" e.g...
CVE-2023-26578
Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server...
CVE-2023-26578 Arbitrary File Upload to Web Root In IDAttend’s IDWeb Application
Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server...
CVE-2023-26578
CVE-2023-26578 affects IDAttend IDWeb 3.1.013. The vulnerability is an arbitrary file upload to the web root by authenticated users, enabling uploading of dangerous files (e.g., ASP/ASPX) and resulting in command execution on the server. Affected component: IDWeb application’s upload handling. Im...