Search Results | AttackerKB

Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2022-39833

Disclosure Date: November 23, 2022 (last updated October 08, 2023)

FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.

Attack Vector: Network Privileges: High User Interaction: None

Attacker Value

Unknown

CVE-2022-41085

Disclosure Date: November 09, 2022 (last updated January 11, 2025)

Azure CycleCloud Elevation of Privilege Vulnerability

Attack Vector: Adjacent Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2022-1958

Disclosure Date: June 15, 2022 (last updated February 23, 2025)

A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2022-24633

Disclosure Date: February 24, 2022 (last updated February 23, 2025)

All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/<username>". A malicious actor could identify the existence of users by requesting share information on specified share paths.

Attack Vector: Network Privileges: None User Interaction: None

16 Total Results

Displaying 1-10 of 16

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification