An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.
An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.
An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulate
A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application vulnerable for gathering sensitive information.
An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices.
A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges.
Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges.
Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so.
A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.
A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device.
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
It's possible to brute force folders and files, what can be used by an attacker to steal sensitve information.
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
Page 1+ Next →