Vulmon
directory server vulnerabilities and exploits
NA
CVE-2023-40051
This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 before 11.7.18, 12.2 before 12.2.13, and innovation releases before 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on...
Progress Openedge
Progress Openedge Innovation
NA
CVE-2023-4757
The Staff / Employee Business Directory for Active Directory WordPress plugin prior to 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious jav...
Miniorange Staff / Employee Business Directory For Active Directory
NA
CVE-2023-22527
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated malicious user to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence ...
Atlassian Confluence Data Center
Atlassian Confluence Server
26 Github repositories
2 Articles
NA
CVE-2023-6457
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files. This issue affects Hitachi Tuning Manager: prior to 8.8.5-04.
Hitachi Tuning Manager
NA
CVE-2023-48166
A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote malicious user to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that all...
Unify Openscape Voice 10.0
NA
CVE-2023-5504
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated malicious users to store backups in arbitrary folders on the server provided they can be written to by the server. Add...
Inpsyde Backwpup
1 Github repository
NA
CVE-2023-6583
The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to rea...
Codection Import And Export Users And Customers
NA
CVE-2023-6699
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated malicious users to read the contents of arbitrary files o...
Wpcompress Wp Compress
NA
CVE-2023-29050
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow access to content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause h...
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
Open-xchange Ox App Suite 8.16
NA
CVE-2023-6114
The Duplicator WordPress plugin prior to 1.5.7.1, Duplicator Pro WordPress plugin prior to 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data...
Awesomemotive Duplicator