Total: 193 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1585 | 1 Project-source-code-download Project | 1 Project-source-code-download | 2022-08-04 | N/A | 7.5 HIGH |
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php. | |||||
CVE-2021-1256 | 1 Cisco | 1 Firepower Threat Defense | 2022-07-29 | 3.6 LOW | 6.0 MEDIUM |
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device. | |||||
CVE-2022-34049 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2022-07-27 | N/A | 5.3 MEDIUM |
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data. | |||||
CVE-2021-40149 | 1 Reolink | 2 E1 Zoom, E1 Zoom Firmware | 2022-07-27 | N/A | 5.9 MEDIUM |
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI. | |||||
CVE-2021-40150 | 1 Reolink | 2 E1 Zoom, E1 Zoom Firmware | 2022-07-22 | N/A | 7.5 HIGH |
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI. | |||||
CVE-2022-2222 | 1 Wpchill | 1 Download Monitor | 2022-07-18 | 4.0 MEDIUM | 4.9 MEDIUM |
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders and are not sensitive, allowing high-privilege users such as admin to download wp-config.php or /etc/passwd even in a hardened environment or multisite setup. | |||||
CVE-2022-24138 | 1 Iobit | 1 Advanced Systemcare | 2022-07-13 | 7.2 HIGH | 7.8 HIGH |
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of the IOBit suite into the ProgramData folder, which has "rwx" permissions for unprivileged users. Low-privilege users can use SetOpLock to wait for CreateProcess and swap the genuine component for a malicious executable, thus gaining code execution as a high-privilege user (low privilege -> high-integrity ADMIN). | |||||
CVE-2020-11469 | 1 Zoom | 1 Meetings | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot. | |||||
CVE-2022-21236 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-07-01 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-32143 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2022-07-01 | 6.5 MEDIUM | 8.8 HIGH |
In multiple CODESYS products, the file download and upload function allows access to internal files in the working directory, e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if a remote attacker has previously authenticated successfully to the controller. A successful attack may lead to a denial of service, change of local files, or drain of confidential information. User interaction is not required. | |||||
CVE-2021-44719 | 2 Apple, Docker | 3 Mac Os X, Macos, Docker Desktop | 2022-06-09 | 6.6 MEDIUM | 8.4 HIGH |
Docker Desktop 4.3.0 has Incorrect Access Control. | |||||
CVE-2022-30428 | 1 Ginadmin Project | 1 Ginadmin | 2022-06-08 | 5.0 MEDIUM | 7.5 HIGH |
In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. | |||||
CVE-2015-5211 | 2 Debian, Vmware | 2 Debian Linux, Spring Framework | 2022-06-04 | 9.3 HIGH | 9.6 CRITICAL |
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. | |||||
CVE-2020-11642 | 1 Br-automation | 1 Sitemanager | 2022-06-03 | 4.0 MEDIUM | 6.5 MEDIUM |
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances. | |||||
CVE-2020-11641 | 1 Br-automation | 1 Sitemanager | 2022-06-03 | 4.0 MEDIUM | 6.5 MEDIUM |
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances. | |||||
CVE-2022-29720 | 1 74cms | 1 74cmsse | 2022-06-02 | 5.0 MEDIUM | 7.5 HIGH |
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php. | |||||
CVE-2022-29447 | 1 Wow-company | 1 Hover Effects | 2022-06-02 | 4.0 MEDIUM | 7.2 HIGH |
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress. | |||||
CVE-2022-29446 | 1 Wow-company | 1 Counter Box | 2022-05-26 | 4.0 MEDIUM | 7.2 HIGH |
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress. | |||||
CVE-2021-42644 | 1 Cmseasy | 1 Cmseasy | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability. | |||||
CVE-2020-3927 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2022-05-25 | 8.5 HIGH | 7.5 HIGH |
An arbitrary-file-access vulnerability exists in the ServiSign security plugin: as long as attackers learn the specific API function, they may access arbitrary files on the target system via a crafted API parameter. |