Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pydio pydio vulnerabilities and exploits
(subscribe to this query)
614
VMScore
CVE-2020-12850
The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. ...
Pydio Cells 2.0.4
578
VMScore
CVE-2020-12847
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application&rsq...
Pydio Cells 2.0.4
578
VMScore
CVE-2019-20452
A problem was found in Pydio Core prior to 8.2.4 and Pydio Enterprise prior to 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution.
Pydio Pydio
578
VMScore
CVE-2019-20453
A problem was found in Pydio Core prior to 8.2.4 and Pydio Enterprise prior to 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution.
Pydio Pydio
578
VMScore
CVE-2019-12901
Pydio Cells prior to 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation.
Pydio Cells
570
VMScore
CVE-2019-10045
The "action" get_sess_id in the web application of Pydio up to and including 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an malicious user to impersonate a user and perform ...
Pydio Pydio
516
VMScore
CVE-2020-12848
In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account userna...
Pydio Cells 2.0.4
490
VMScore
CVE-2020-12851
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted ...
Pydio Cells 2.0.4
445
VMScore
CVE-2019-15032
Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal ...
Pydio Pydio 6.0.8
445
VMScore
CVE-2019-10046
An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information.
Pydio Pydio 8.2.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »