ReportizFlow
Filtered by vendor
Subscriptions
Total
176 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5334 | 2024-11-21 | N/A | ||
| A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious 'snapshot_path' parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server. | ||||
| CVE-2024-4818 | 2024-11-21 | 5.3 Medium | ||
| A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263939. | ||||
| CVE-2024-39904 | 2024-11-21 | 8.8 High | ||
| VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example, file:///C:/WINDOWS/system32/cmd.exe. This allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as file:///C:/WINDOWS/system32/cmd.exe and file:///C:/WINDOWS/system32/calc.exe. This vulnerability can be exploited by creating and sharing specially crafted notes. An attacker could send a crafted note file and perform further attacks. This vulnerability is fixed in 3.18.1. | ||||
| CVE-2024-39303 | 1 Weblate | 1 Weblate | 2024-11-21 | 4.4 Medium |
| Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects. | ||||
| CVE-2024-37295 | 1 Aimeos | 1 Aimeos-core | 2024-11-21 | 7.2 High |
| Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version 2024.04.5 fixes the issue. | ||||
| CVE-2024-37149 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 7.2 High |
| GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16. | ||||
| CVE-2024-33860 | 2024-11-21 | 6.5 Medium | ||
| An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs. | ||||
| CVE-2024-33671 | 2024-11-21 | 7.7 High | ||
| An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. | ||||
| CVE-2024-31492 | 2024-11-21 | 7.8 High | ||
| An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | ||||
| CVE-2024-30265 | 2024-11-21 | 7.5 High | ||
| Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilà is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6. | ||||
| CVE-2024-2917 | 2024-11-21 | 5.4 Medium | ||
| A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257983. | ||||
| CVE-2024-2155 | 2024-11-21 | 4.3 Medium | ||
| A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255587. | ||||
| CVE-2024-2150 | 1 Sourcecodester | 1 Insurance Management System | 2024-11-21 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Insurance Management System 1.0. This issue affects some unknown processing. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255503. | ||||
| CVE-2024-27945 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. | ||||
| CVE-2024-27944 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. | ||||
| CVE-2024-27943 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. | ||||
| CVE-2024-27175 | 2024-11-21 | 4.4 Medium | ||
| Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-26185 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 23h2 | 2024-11-21 | 6.5 Medium |
| Windows Compressed Folder Tampering Vulnerability | ||||
| CVE-2024-25975 | 2024-11-21 | 6.5 Medium | ||
| The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal). | ||||
| CVE-2024-25965 | 2024-11-21 | 6.1 Medium | ||
| Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service. | ||||