CWE:
 

Nic nie znaleziono w bazie WLB2


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-08-08
Waiting for details
CVE-2022-2357

Updating...
 

 
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.

 
2022-07-17
Low
CVE-2022-2222

Vendor: Wpchill
Software: Download monitor
 

 
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.

 
2022-07-12
Low
CVE-2022-33686

Vendor: Google
Software: Android
 

 
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.

 
2022-07-06
Medium
CVE-2022-24138

Vendor: Iobit
Software: Advanced sys...
 

 
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN).

 
2022-06-24
Medium
CVE-2022-32143

Vendor: Codesys
Software: Runtime toolkit
 

 
In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required

 
2022-05-26
Medium
CVE-2022-29720

Vendor: 74cms
Software: 74cmsse
 

 
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.

 
2022-05-19
Low
CVE-2022-29446

Vendor: Wow-company
Software: Counter box
 

 
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress.

 
2022-05-12
Low
CVE-2022-29302

Updating...
 

 
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php.

 
2022-05-05
Medium
CVE-2022-28462

Vendor: Novel-plus project
Software: Novel-plus
 

 
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.

 
2022-04-25
Waiting for details
CVE-2022-0656

Updating...
 

 
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc)

 

 


Copyright 2022, cxsecurity.com

 

Back to Top