Total
271 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-48661 | 1 Dell | 3 Powermax Os, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2023-12-19 | 4.9 Medium |
Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system. | ||||
CVE-2023-5907 | 1 Bitapps | 1 File Manager | 2023-12-13 | 6.5 Medium |
The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files. | ||||
CVE-2023-6375 | 1 Tylertech | 1 Court Case Management Plus | 2023-12-06 | 7.5 High |
Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials. | ||||
CVE-2022-37424 | 2 Linux, Opennebula | 2 Linux Kernel, Opennebula | 2023-11-30 | 6.5 Medium |
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. | ||||
CVE-2023-39545 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2023-11-24 | 8.8 High |
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | ||||
CVE-2023-47612 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2023-11-16 | 6.1 Medium |
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories. | ||||
CVE-2021-31831 | 1 Mcafee | 1 Database Security | 2023-11-15 | 5.5 Medium |
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API. | ||||
CVE-2021-44315 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | 7.5 High |
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. | ||||
CVE-2023-4930 | 1 Shamimsplugins | 1 Front End Pm | 2023-11-14 | 6.5 Medium |
The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. | ||||
CVE-2023-42534 | 1 Samsung | 1 Android | 2023-11-13 | 5.5 Medium |
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. | ||||
CVE-2023-31017 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2023-11-13 | 7.8 High |
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | ||||
CVE-2023-5099 | 1 Jonashjalmarsson | 1 Html Filter And Csv-file Search | 2023-11-13 | 8.8 High |
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
CVE-2023-5199 | 1 Php To Page Project | 1 Php To Page | 2023-11-13 | 8.8 High |
The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily. | ||||
CVE-2023-3155 | 1 Imagely | 1 Nextgen Gallery | 2023-11-07 | 7.2 High |
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. | ||||
CVE-2023-28375 | 1 Propumpservice | 2 Osprey Pump Controller, Osprey Pump Controller Firmware | 2023-11-07 | 7.5 High |
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. | ||||
CVE-2023-23330 | 1 Amano | 1 Xoffice | 2023-11-07 | 7.5 High |
amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion. | ||||
CVE-2023-20184 | 1 Cisco | 1 Dna Center | 2023-11-07 | 4.3 Medium |
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2023-20183 | 1 Cisco | 1 Dna Center | 2023-11-07 | 4.3 Medium |
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2023-1246 | 1 Saysis | 1 Starcities | 2023-11-07 | 7.5 High |
Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.This issue affects Starcities: through 1.3. | ||||
CVE-2023-0822 | 1 Deltaww | 1 Diaenergie | 2023-11-07 | 8.8 High |
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. |