128 matches found
Design/Logic Flaw
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command...
CVE-2023-5399
Schneider Electric C-Bus Toolkit (SpaceLogic C-Bus Toolkit) contains a path traversal flaw in the FileCommand feature that can allow unauthenticated remote code execution. The root cause is improper validation of a user-supplied path prior to file operations, enabling an attacker to tamper with f...
CVE-2023-5399
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command...
PT-2023-6039 · Schneider Electric · C-Bus Toolkit
Name of the Vulnerable Software and Affected Versions: Schneider Electric C-Bus Toolkit affected versions not specified Description: A path traversal issue exists due to improper limitation of a pathname to a restricted directory. This could cause tampering of files on the personal computer runni...
file buffer error vulnerability
file is an open source implementation of the Unix file(1) command by Fine Free File Command. A security vulnerability exists in file versions prior to 5.43, which stems from an over-read of a stack-based buffer in file_copystr in funcs.c. The vulnerability is caused by the use of a stack-based buffe...
SUSE CVE-2016-8569
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file...
CVE-2022-41991
A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability...
CVE-2022-40222
An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...
PT-2023-13961 · Siretta · Siretta Quartz-Gold
Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: A directory traversal issue exists in the m2m DELETE FILE cmd functionality. This can be exploited by sending a specially-crafted network packet, leading to arbitrary file...
PYSEC-2022-264
mangadex-downloader is a command-line tool to download manga from MangaDex. When using the `file:<location>` command and `<location>` is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains...
CVE-2022-36082 mangadex-downloader vulnerable to unauthorized file reading
mangadex-downloader is a command-line tool to download manga from MangaDex. When using the `file:<location>` command and `<location>` is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains...
mangadex-downloader input validation error vulnerability
mangadex-downloader is a command-line tool for downloading comics from MangaDex by the individual developer Rahman Yusuf. An input validation error vulnerability exists in versions of mangadex-downloader prior to 1.7.2, which stems from an attempt to open and read a file on local disk for each li...
Moderate: Red Hat Security Advisory: file security update
An update for file is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Moderate: file security update
The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fixes: file:...
RLSA-2021:4374 Moderate: file security update
The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fixes: file:...
ALSA-2021:4374 Moderate: file security update
The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fixes: file:...
CVE-2020-7869
An improper input validation vulnerability of ZOOK software remote administration tool could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tig...
ZOOK input validation error vulnerability
ZOOK is a Korean remote control service program that can control a remote PC from an Android phone. A security vulnerability exists in the ZOOK software remote administration tool, which can be exploited by an attacker to create and execute arbitrary files in the ZOOK agent program using the "Tig...
ALBA-2021:1091 file bug fix and enhancement update
The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Bug Fixes and Enhancements:...
Low: Red Hat Security Advisory: file security update
An update for file is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...