Vulnerabilities (CVE)

Filtered by CWE-73
Total 170 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20234 1 Cisco 43 Firepower 1000, Firepower 1010, Firepower 1020 and 40 more 2024-11-21 N/A 4.4 MEDIUM
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.
CVE-2023-1105 1 Flatpress 1 Flatpress 2024-11-21 N/A 8.1 HIGH
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2023-1070 1 Teampass 1 Teampass 2024-11-21 N/A 7.1 HIGH
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.
CVE-2022-2400 1 Dompdf Project 1 Dompdf 2024-11-21 N/A 5.3 MEDIUM
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.
CVE-2022-0593 1 Idehweb 1 Login With Phone Number 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation.
CVE-2022-0246 1 Webence 1 Iq Block Country 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process, existence of a file is checked. If the file exists, it is deleted without any security control by only considering the name of the extracted file. This behavior leads to "Zip Slip" vulnerability.
CVE-2021-3845 1 Ws Scrcpy Project 1 Ws Scrcpy 2024-11-21 5.0 MEDIUM 7.5 HIGH
ws-scrcpy is vulnerable to External Control of File Name or Path
CVE-2021-38477 1 Auvesy 1 Versiondog 2024-11-21 6.4 MEDIUM 9.8 CRITICAL
There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files.
CVE-2021-27250 1 Dlink 2 Dap-2020, Dap-2020 Firmware 2024-11-21 3.3 LOW 6.5 MEDIUM
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856.
CVE-2021-24966 1 Bestwebsoft 1 Error Log Viewer 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
CVE-2020-15264 1 Chocolatey 1 Boxstarter 2024-11-21 7.2 HIGH 8.0 HIGH
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it'll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0
CVE-2019-3681 2 Opensuse, Suse 5 Factory, Leap, Osc and 2 more 2024-11-21 6.4 MEDIUM 7.5 HIGH
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .
CVE-2014-125059 1 Sternenblog Project 1 Sternenblog 2024-11-21 4.6 MEDIUM 5.0 MEDIUM
A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 0.1.0 is able to address this issue. The identifier of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers.
CVE-2024-10672 1 Themeisle 1 Multiple Page Generator 2024-11-14 N/A 2.7 LOW
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with editor-level access and above, to delete limited files on the server.
CVE-2024-43451 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2024-11-14 N/A 6.5 MEDIUM
NTLM Hash Disclosure Spoofing Vulnerability
CVE-2023-5816 1 Bowo 1 Code Explorer 2024-11-06 N/A 4.9 MEDIUM
The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance.
CVE-2024-5823 1 Gaizhenbiao 1 Chuanhuchatgpt 2024-10-31 N/A 9.1 CRITICAL
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior or security settings. Additionally, tampering with these configuration files can result in a denial of service (DoS) condition, disrupting normal system operation.
CVE-2024-43615 1 Microsoft 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more 2024-10-21 N/A 7.1 HIGH
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
CVE-2024-43581 1 Microsoft 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more 2024-10-16 N/A 7.1 HIGH
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
CVE-2024-38029 1 Microsoft 1 Windows Server 2022 23h2 2024-10-16 N/A 7.5 HIGH
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability