directory server vulnerabilities and exploits
NA
CVE-2023-29050
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow access to content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause h...
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
Open-xchange Ox App Suite 8.16
NA
CVE-2023-6114
The Duplicator WordPress plugin prior to 1.5.7.1 and the Duplicator Pro WordPress plugin prior to 4.5.14.2 do not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data...
Awesomemotive Duplicator
NA
CVE-2023-50731
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on l...
Mindsdb Mindsdb
NA
CVE-2022-22942
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
Vmware Photon Os 4.0
Vmware Photon Os 3.0
NA
CVE-2023-41113
An issue exists in EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.x prior to 12.16.20, 13.x prior to 13.12.16, 14.x prior to 14.9.0, and 15.x prior to 15.4.0. It allows an authenticated user to obtain information about whether certain files exist on disk, w...
Enterprisedb Postgres Advanced Server
NA
CVE-2023-41118
An issue exists in EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.x prior to 12.16.20, 13.x prior to 13.12.16, 14.x prior to 14.9.0, and 15.x prior to 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying impleme...
Enterprisedb Postgres Advanced Server
NA
CVE-2023-36654
Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated malicious users to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters.
Prolion Cryptospike 3.0.15
NA
CVE-2023-6120
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.
Collne Welcart E-commerce
NA
CVE-2023-49788
Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be s...
Collaboraoffice Richdocumentscode
NA
CVE-2023-33411
A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially...
Supermicro M11sdv-4c-ln4f Firmware
Supermicro M11sdv-4ct-ln4f Firmware
Supermicro M11sdv-8c-ln4f Firmware
Supermicro M11sdv-8ct-ln4f Firmware
Supermicro M11sdv-8c+-ln4f Firmware
Supermicro C9x299-pg Firmware
Supermicro C9x299-pg300 Firmware
Supermicro C9x299-pg300f Firmware
Supermicro C9x299-pgf Firmware
Supermicro C9x299-pgf-l Firmware
Supermicro C9x299-rpgf Firmware
Supermicro C9x299-rpgf-l Firmware
Supermicro B13dee Firmware
Supermicro B13det Firmware
Supermicro B13see-cpu-25g Firmware
Supermicro B13seg Firmware
Supermicro H13dsg-o-cpu Firmware
Supermicro H13dsg-o-cpu-d Firmware
Supermicro H13dsg-om Firmware
Supermicro H13dsh Firmware
Supermicro H13sae-mf Firmware
Supermicro H13sra-f Firmware