CVE & Exploit Intelligence Database

CVE-2022-43513 8.2 HIGH EPSS 0.00

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.

CWE-610 Jan 10, 2023

CVE-2014-125059 5.0 MEDIUM EPSS 0.01

A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 0.1.0 is able to address this issue. The identifier of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers.

CWE-73 Jan 07, 2023

CVE-2014-125044 6.3 MEDIUM EPSS 0.01

A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is named 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515.

CWE-610 Jan 05, 2023

CVE-2022-45213 5.3 MEDIUM EPSS 0.00

perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.

CWE-73 Jan 01, 2023

CVE-2022-34669 8.8 HIGH EPSS 0.00

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

CWE-610 Dec 30, 2022

CVE-2022-31739 8.8 HIGH EPSS 0.00

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

CWE-73 Dec 22, 2022

CVE-2022-23536 6.5 MEDIUM EPSS 0.01

Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where `-experimental.alertmanager.enable-api` or `enable_api: true` is configured are affected. Affected Cortex users are advised to upgrade to patched versions 1.13.2 or 1.14.1. However as a workaround, Cortex administrators may reject Alertmanager configurations containing the `api_key_file` setting in the `opsgenie_configs` section before sending to the Set Alertmanager Configuration API.

CWE-184 Dec 19, 2022

CVE-2022-42893 7.5 HIGH EPSS 0.00

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application pool.

CWE-610 Nov 17, 2022

CVE-2022-42891 7.5 HIGH EPSS 0.00

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application pool.

CWE-610 Nov 17, 2022

CVE-2022-42734 7.5 HIGH EPSS 0.00

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application pool.

CWE-610 Nov 17, 2022

CVE-2022-42733 7.5 HIGH EPSS 0.00

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool.

CWE-610 Nov 17, 2022

CVE-2022-42732 7.5 HIGH EPSS 0.00

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool.

CWE-610 Nov 17, 2022

CVE-2022-2431 8.1 HIGH EPSS 0.17

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles() function found in the ~/Admin/Menu/Packages.php file that triggers upon download post deletion. This makes it possible for contributor level users and above to supply an arbitrary file path via the 'file[files]' parameter when creating a download post and once the user deletes the post the supplied arbitrary file will be deleted. This can be used by attackers to delete the /wp-config.php file which will reset the installation and make it possible for an attacker to achieve remote code execution on the server.

CWE-610 Sep 06, 2022

CVE-2022-2638 6.5 MEDIUM EPSS 0.00

The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server

CWE-610 Aug 29, 2022

CVE-2022-32761 6.5 MEDIUM 1 Writeup EPSS 0.03

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.

CWE-610 Aug 22, 2022

CVE-2022-28710 6.5 MEDIUM 1 Writeup EPSS 0.03

An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.

CWE-610 Aug 22, 2022

CVE-2022-2400 5.3 MEDIUM 1 Writeup EPSS 0.00

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.

CWE-73 Jul 18, 2022

CVE-2022-34765 5.5 MEDIUM EPSS 0.00

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

CWE-668 Jul 13, 2022

CVE-2022-24900 9.9 CRITICAL 1 Writeup NUCLEI EPSS 0.69

Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the "malicious" parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input is passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessiates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls.

CWE-22 Apr 29, 2022

CVE-2022-20789 4.9 MEDIUM EPSS 0.01

A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.

CWE-610 Apr 21, 2022