Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pydio cells vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-32751
Pydio Cells up to and including 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the w...
Pydio Cells
6.5
CVSSv3
CVE-2023-32750
Pydio Cells up to and including 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and sa...
Pydio Cells
8.8
CVSSv3
CVE-2023-32749
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user,...
Pydio Cells
1 Github repository
8.8
CVSSv3
CVE-2023-2980
A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler. The manipulation leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit ha...
Abstrium Pydio Cells 4.2.0
5.4
CVSSv3
CVE-2023-2981
A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the component Chat. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been d...
Abstrium Pydio Cells 4.2.0
4.3
CVSSv3
CVE-2023-2978
A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. The exploit has been disclosed to the publ...
Abstrium Pydio Cells 4.2.0
8.8
CVSSv3
CVE-2023-2979
A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been discl...
Abstrium Pydio Cells 4.2.0
6.5
CVSSv3
CVE-2021-41324
Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete).
Pydio Cells 2.2.9
6.5
CVSSv3
CVE-2021-41323
Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter.
Pydio Cells 2.2.9
6.5
CVSSv3
CVE-2021-41325
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)
Pydio Cells 2.2.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »