ReportizFlow
Filtered by vendor
Subscriptions
Total
423 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5297 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 3.7 Low |
| A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927. | ||||
| CVE-2023-4933 | 1 Awsm | 1 Wp Job Openings | 2024-11-21 | 5.3 Medium |
| The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. | ||||
| CVE-2023-4588 | 1 Delinea | 1 Secret Server | 2024-11-21 | 6.8 Medium |
| File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text. | ||||
| CVE-2023-4550 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-11-21 | 7.5 High |
| Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. This issue affects AppBuilder: from 21.2 before 23.2. | ||||
| CVE-2023-4475 | 1 Asustor | 1 Data Master | 2024-11-21 | 7.5 High |
| An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. | ||||
| CVE-2023-49198 | 1 Apache | 1 Seatunnel | 2024-11-21 | 7.5 High |
| Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue. | ||||
| CVE-2023-48661 | 1 Dell | 3 Powermax Os, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2024-11-21 | 4.9 Medium |
| Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system. | ||||
| CVE-2023-47612 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2024-11-21 | 6.8 Medium |
| A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories. | ||||
| CVE-2023-42534 | 1 Samsung | 1 Android | 2024-11-21 | 6.3 Medium |
| Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. | ||||
| CVE-2023-41717 | 1 Zscaler | 1 Zscaler Proxy | 2024-11-21 | 5.5 Medium |
| Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions. | ||||
| CVE-2023-3712 | 1 Honeywell | 2 Pm43, Pm43 Firmware | 2024-11-21 | 6.6 Medium |
| Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). | ||||
| CVE-2023-39545 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2024-11-21 | 8.8 High |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | ||||
| CVE-2023-38948 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 7.2 High |
| An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin. | ||||
| CVE-2023-37551 | 1 Codesys | 16 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 13 more | 2024-11-21 | 6.5 Medium |
| In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller. | ||||
| CVE-2023-33517 | 1 Carrental Project | 1 Carrental | 2024-11-21 | 7.5 High |
| carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System). | ||||
| CVE-2023-32226 | 1 Sysaid | 1 Sysaid On-premises | 2024-11-21 | 8.3 High |
| Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method. | ||||
| CVE-2023-31066 | 1 Apache | 1 Inlong | 2024-11-21 | 9.1 Critical |
| Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it. | ||||
| CVE-2023-31064 | 1 Apache | 1 Inlong | 2024-11-21 | 7.5 High |
| Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 https://github.com/apache/inlong/pull/7799 to solve it. | ||||
| CVE-2023-31017 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2024-11-21 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | ||||
| CVE-2023-2538 | 1 Tyan | 8 S5552\/s5552gm2nr, S5552\/s5552gm2nr Firmware, S5552\/s5552gm4nr and 5 more | 2024-11-21 | 5.8 Medium |
| A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS. | ||||