Total
169 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-43451 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2024-11-15 | 6.5 Medium |
NTLM Hash Disclosure Spoofing Vulnerability | ||||
CVE-2024-10672 | 1 Themeisle | 1 Multiple Page Generator | 2024-11-14 | 2.7 Low |
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with editor-level access and above, to delete limited files on the server. | ||||
CVE-2020-26078 | 1 Cisco | 1 Iot Field Network Director | 2024-11-13 | 6.5 Medium |
A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system. | ||||
CVE-2024-38029 | 1 Microsoft | 2 Windows Server 2022 23h2, Windows Server 23h2 | 2024-11-12 | 7.5 High |
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | ||||
CVE-2024-43615 | 1 Microsoft | 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more | 2024-11-12 | 7.1 High |
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | ||||
CVE-2024-43581 | 1 Microsoft | 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more | 2024-11-12 | 7.1 High |
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | ||||
CVE-2021-1306 | 1 Cisco | 3 Evolved Programmable Network Manager, Identity Services Engine, Prime Infrastructure | 2024-11-08 | 4.4 Medium |
A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI commands. A successful exploit could allow the attacker to identify file directories on the affected device and write arbitrary files to the file system on the affected device. To exploit this vulnerability, the attacker must be an authenticated shell user. | ||||
CVE-2021-34761 | 1 Cisco | 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center | 2024-11-07 | 4.4 Medium |
A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges. | ||||
CVE-2023-5816 | 1 Bowo | 1 Code Explorer | 2024-11-06 | 4.9 Medium |
The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance. | ||||
CVE-2022-20789 | 1 Cisco | 1 Unified Communications Manager | 2024-11-06 | 4.9 Medium |
A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges. | ||||
CVE-2024-5823 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2024-10-31 | 9.1 Critical |
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior or security settings. Additionally, tampering with these configuration files can result in a denial of service (DoS) condition, disrupting normal system operation. | ||||
CVE-2022-39952 | 1 Fortinet | 1 Fortinac | 2024-10-23 | 9.8 Critical |
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. | ||||
CVE-2024-38173 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-10-16 | 6.7 Medium |
Microsoft Outlook Remote Code Execution Vulnerability | ||||
CVE-2024-38165 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 1 more | 2024-10-16 | 6.5 Medium |
Windows Compressed Folder Tampering Vulnerability | ||||
CVE-2024-38040 | 1 Esri | 1 Portal For Arcgis | 2024-10-15 | 7.5 High |
There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2. 11.1, 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files. | ||||
CVE-2024-9142 | 1 Olgu Computer Systems | 1 E-belediye | 2024-10-14 | 9.8 Critical |
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls.This issue affects e-Belediye: before 2.0.642. | ||||
CVE-2024-9575 | 1 Rami.io Gmbh | 1 Pretiix Widget Wordpress Plugin | 2024-10-14 | 8.1 High |
Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.0.5. | ||||
CVE-2023-40194 | 1 Foxitsoftware | 1 Foxit Reader | 2024-10-10 | 8.8 High |
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | ||||
CVE-2023-4191 | 2 Resort Reservation System Project, Sourcecodester | 2 Resort Reservation System, Resort Reservation System | 2024-10-09 | 6.3 Medium |
A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236234 is the identifier assigned to this vulnerability. | ||||
CVE-2024-38049 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-10-08 | 6.6 Medium |
Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability |