
41 matches found

RedhatCVE
added 2026/01/07 9:28 a.m., 3 views

CVE-2019-12365

The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1, AI score 6, EPSS 0.00301
Exploits 1, References 1
RedhatCVE
added 2026/01/07 9:28 a.m., 5 views

CVE-2019-12369

The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1, AI score 6, EPSS 0.00301
Exploits 1, References 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-4003

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00301
Exploits 1, References 4
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-0032

Malware in sbrugna...

CVSS 7.8, AI score 7.7, EPSS 0.00169
Exploits 1, References 17
RedhatCVE
added 2025/05/22 10:33 p.m., 6 views

CVE-2022-25824

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

CVSS 4, AI score 6.8, EPSS 0.00062
Exploits 0, References 1
RedhatCVE
added 2025/05/22 8:08 p.m., 8 views

CVE-2021-37938

It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Coutur...

CVSS 4.3, AI score 6.8, EPSS 0.00169
Exploits 0, References 1
RedhatCVE
added 2025/05/22 7:59 a.m., 2 views

CVE-2019-12368

The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1, AI score 6, EPSS 0.00301
Exploits 1, References 1
BDU FSTEC
added 2024/07/25 12:00 a.m., 1 view

The vulnerability in the firmware of Toshiba e-STUDIO multifunctional devices, related to bypassing the authentication process through an alternative path or channel, allows attackers to circumvent security restrictions and load arbitrary files.

The vulnerability in the firmware of Toshiba e-STUDIO multifunctional devices relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions and load arbitrary fil...

CVSS 8.8, AI score 7.7, EPSS 0.00071
Exploits 0, References 5
BDU FSTEC
added 2023/11/30 12:00 a.m., 1 view

The vulnerability of the file loading function of Cisco Firepower Management Center (FMC) software allows a hacker to load any desired files.

The vulnerability of the file loading function of Cisco Firepower Management Center (FMC) software lies in insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to load any desired files...

CVSS 6.5, AI score 6.5, EPSS 0.00164
Exploits 0, References 4, Affected Software 1
BDU FSTEC
added 2023/11/27 12:00 a.m., 1 view

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to load arbitrary files.

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform relates to the unrestricted loading of dangerous files. Exploiting this vulnerability allows a malicious actor to load any desired files...

CVSS 6, AI score 7.1, EPSS 0.00631
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2023/10/03 12:00 a.m., 1 view

The vulnerability in the /sysmanage/changelogo.php script of the D-Link DAR-8000 router’s firmware allows a hacker to execute arbitrary commands.

The vulnerability in the /sysmanage/changelogo.php script of the D-Link DAR-8000 router’s firmware is related to the unrestricted loading of dangerous files. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...

CVSS 6.5, AI score 7.2, EPSS 0.79973
Exploits 0, References 4, Affected Software 1
BDU FSTEC
added 2023/09/19 12:00 a.m., 1 view

The vulnerability of the iPXE network loading standard implementation for the Cisco IOS XR operating system allows a hacker to load arbitrary files.

The vulnerability of the iPXE network loading standard implementation for the Cisco IOS XR operating system is related to insufficient verification of data authenticity during file loading. Exploiting this vulnerability could allow attackers to load arbitrary files...

CVSS 6.8, AI score 7.3, EPSS 0.00016
Exploits 0, References 3, Affected Software 1
NVD
added 2023/05/17 9:15 a.m., 26 views

CVE-2023-2745

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wplang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such ...

CVSS 6.1, AI score 5.5, EPSS 0.79284
Exploits 7, References 7
BDU FSTEC
added 2022/12/22 12:00 a.m., 3 views

The vulnerability of the APC Easy UPS Online Monitoring Software lies in its ability to allow the loading of arbitrary files, which enables an intruder to execute arbitrary code.

The vulnerability of the APC Easy UPS Online Monitoring Software relates to the ability to load any arbitrary file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading any JSP file remotely...

CVSS 10, AI score 8.2, EPSS 0.0258
Exploits 0, References 4, Affected Software 2
BDU FSTEC
added 2022/08/10 12:00 a.m., 1 view

The vulnerability of the Jenkins Deployer Framework Plugin involves incorrect path name restrictions for restricted directories, allowing attackers to load arbitrary files.

The vulnerability of the Jenkins Deployer Framework Plugin is related to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to download arbitrary files remotely...

CVSS 9, AI score 7.7, EPSS 0.00874
Exploits 0, References 3, Affected Software 1
OSV
added 2022/07/29 11:34 a.m., 7 views

SUSE-SU-2022:2592-1 Security update for rubygem-tzinfo

This update for rubygem-tzinfo fixes the following issues: - CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files (bsc#1201835)...

CVSS 8.1, AI score 8, EPSS 0.03833
Exploits 1, References 3
OSV
added 2022/07/22 4:15 a.m., 0 views

UBUNTU-CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

CVSS 8.1, AI score 6.8, EPSS 0.03833
Exploits 1, References 6
Positive Technologies
added 2022/07/21 12:00 a.m., 3 views

PT-2022-20578 · Tzinfo +3

Name of the Vulnerable Software and Affected Versions: TZInfo versions prior to 0.3.61; TZInfo versions 1.0.0 to 1.2.9 when used with the Ruby data source; TZInfo version 0.3.60 and earlier. Description: The issue is related to relative path traversal in the TZInfo Ruby library, which provides acces...

CVSS 8.1, AI score 6.6, EPSS 0.03833
Exploits 1, References 39
BDU FSTEC
added 2022/04/21 12:00 a.m., 2 views

The vulnerability of the web interface of Cisco Small Business RV340, RV340W, RV345, and RV345P router software allows a hacker to cause service interruptions.

The vulnerability in the web interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P router firmware lies in the absence of restrictions on file loading. Exploiting this vulnerability can allow a malicious actor to cause service failures by loading arbitrary files onto...

CVSS 10, AI score 7.6, EPSS 0.00529
Exploits 0, References 3, Affected Software 4
Prion
added 2021/10/20 9:15 p.m., 35 views

Directory traversal

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution...

CVSS 7.2, AI score 7.7, EPSS 0.00169
Exploits 1, References 5, Affected Software 2