1370 matches found

CNVD
added 2021/07/09 12:0 a.m. | 14 views

WordPress Media File Organizer plugin directory traversal vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A directory traversal vulnerability exists in version 1.0.1 of the Media File Organizer plugin for...

8.6 CVSS | 8.7 AI score | 0.01998 EPSS
Exploits: 0 | References: 1
NVD
added 2021/07/07 2:15 p.m. | 16 views

CVE-2020-24143

Directory traversal in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter...

7.5 CVSS | 0.01967 EPSS
Exploits: 0 | References: 1
OSV
added 2021/07/07 2:15 p.m. | 3 views

CVE-2020-24144

Directory traversal in the Media File Organizer aka media-file-organizer plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items parameter in a move operation...

8.6 CVSS | 5.8 AI score | 0.01998 EPSS
Exploits: 0 | References: 2
OSV
added 2021/07/07 2:15 p.m. | 5 views

CVE-2020-24143

Directory traversal in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter...

7.5 CVSS | 7.1 AI score | 0.01967 EPSS
Exploits: 0 | References: 1
Cvelist
added 2021/07/07 1:37 p.m. | 17 views

CVE-2020-24144

Directory traversal in the Media File Organizer aka media-file-organizer plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items parameter in a move operation...

8.6 AI score | 0.01998 EPSS
Exploits: 0 | References: 2
CNNVD
added 2021/07/07 12:0 a.m. | 6 views

WordPress path traversal vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A path traversal vulnerability exists in WordPress Ninja Team Video Downloader for TikTok, which ste...

7.5 CVSS | 7.4 AI score | 0.01967 EPSS
Exploits: 0 | References: 2
Veracode
added 2021/04/20 6:25 a.m. | 16 views

Directory Traversal

flow-server is vulnerable to directory traversal. The attack is possible due to a lack of proper validation of the URL path, allowing an attacker to inject ../ characters into parameters to access resources outside of the web root...

7.5 CVSS | 5.1 AI score | 0.01211 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
added 2021/04/14 4:44 a.m. | 7 views

Information Disclosure

shopware/production is vulnerable to information disclosure. The .env and other confidential files can be accessed if the project root is configured as the web root...

2.4 AI score
Exploits: 0
Github Security Blog
added 2021/04/13 3:13 p.m. | 24 views

Exposure of .env if project root is configured as web root in shopware/production

Impact: The .env and other sensitive files can be leaked if the project root and not /public is configured as the web root. Patches: We recommend to update to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview...

2.4 AI score
Exploits: 0 | References: 3 | Affected Software: 2
OSV
added 2021/04/13 3:13 p.m. | 14 views

GHSA-3PCR-4982-548M Exposure of .env if project root is configured as web root in shopware/production

Impact: The .env and other sensitive files can be leaked if the project root and not /public is configured as the web root. Patches: We recommend to update to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview...

7.1 AI score
Exploits: 0 | References: 3
NVD
added 2021/03/04 9:15 p.m. | 60 views

CVE-2021-26293

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...

9.8 CVSS | 0.0711 EPSS
Exploits: 2 | References: 1
OSV
added 2021/03/04 9:15 p.m. | 5 views

CVE-2021-26293

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...

9.8 CVSS | 7.3 AI score | 0.0711 EPSS
Exploits: 2 | References: 1
Prion
added 2021/03/04 9:15 p.m. | 16 views

Directory traversal

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...

6.8 CVSS | 9.3 AI score | 0.0711 EPSS
Exploits: 2 | References: 1 | Affected Software: 2
Cvelist
added 2021/03/04 8:32 p.m. | 30 views

CVE-2021-26293

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...

9.6 AI score | 0.0711 EPSS
Exploits: 2 | References: 1
NVD
added 2021/02/09 7:15 p.m. | 18 views

CVE-2020-28645

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions 10.6...

9.1 CVSS | 0.0124 EPSS
Exploits: 0 | References: 1
OSV
added 2021/02/09 7:15 p.m. | 15 views

CVE-2020-28645

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions 10.6...

9.1 CVSS | 6.7 AI score
Exploits: 0 | References: 1
Prion
added 2021/02/09 7:15 p.m. | 15 views

Design/Logic Flaw

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions 10.6...

5 CVSS | 9 AI score | 0.0124 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/02/09 6:41 p.m. | 27 views

CVE-2020-28645

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions 10.6...

9.1 AI score | 0.0124 EPSS
Exploits: 0 | References: 1
CVE
added 2021/02/09 6:41 p.m. | 51 views

CVE-2020-28645

CVE-2020-28645 affects the ownCloud Core before version 10.6. The issue, described as deleting users with certain names causing system files to be deleted, implies a vulnerability in user handling where specific usernames trigger file deletions when data directories are web-rooted. The available ...

9.1 CVSS | 9 AI score | 0.0124 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OwnCloud
added 2020/12/30 12:0 a.m. | 30 views

Missing user validation leading to information disclosure

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root...

3.1 CVSS | 2.9 AI score | 0.0124 EPSS
Exploits: 0 | Affected Software: 1