157 matches found
The vulnerability of the PHP-SVG-Lib library for file analysis and rendering of vector graphics lies in improper external control of file names or paths, allowing attackers to execute arbitrary code.
The vulnerability of the php-svg-lib library for analyzing and rendering vector graphics is related to improper external manipulation of the file name or path. Exploiting this vulnerability could allow an attacker to execute arbitrary code with insufficient protection against attacks...
Siemens RUGGEDCOM APE1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
HYPR Backlink Vulnerability
HYPR is a security application from HYPR that implements password-less security. A security vulnerability exists in HYPR Workforce Access prior to version 8.7 that stems from an incorrectly resolved file access link that allows a user to take control of a file name...
The vulnerability in /model/__lang_msg.php of the D-LINK DIR-300 router firmware allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of /model/langmsg.php in the firmware of D-LINK DIR-300 routers is related to incorrect external control of file names or files. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of protected...
Nextcloud Code Issue Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, a German company. A code issue vulnerability exists in Nextcloud server that stems from the ability to control file names when uploading a website icon as an administrator ...
Arbitrary File Write
nilsteampassnet/teampass is vulnerable to External Control Of File Name. The vulnerability is due to a lack of sanitization in the path element, which allows an attacker to write arbitrary files outside the expected directory...
CVE-2023-1070 External Control of File Name or Path in nilsteampassnet/teampass
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...
The vulnerability in the web interface of the security, automation, and response platform Cortex XSOAR allows an attacker to read arbitrary files.
The vulnerability of the web interface of the security, automation, and response platform Cortex XSOAR is related to improper external control of the file name or file path. Exploiting this vulnerability allows a malicious actor to read arbitrary files...
PT-2023-1646 · Teampass · Teampass
Name of the Vulnerable Software and Affected Versions: TeamPass versions prior to 3.0.0.22. Description: The issue is related to external control of file name or path in the TeamPass password manager, which can be exploited by a remote attacker to delete arbitrary files. Recommendations: For...
UBUNTU-CVE-2022-2400
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...
CVE-2022-2400 External Control of File Name or Path in dompdf/dompdf
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...
The vulnerability of the Cisco Prime Infrastructure monitoring and management system, the Cisco Evolved Programmable Network (EPN) Manager software for managing network services, and the Cisco Identity Services Engine platform for managing connection policies arises from improper external control of file names or paths. This allows attackers to write arbitrary files.
The vulnerability of the Cisco Prime Infrastructure monitoring and management system, the Cisco Evolved Programmable Network (EPN) Manager software for managing network services, and the Cisco Identity Services Engine connection policy management platform is related to improper external manipulati...
VulnCheck KEV: CVE-2019-7195
QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files...
CVE-2019-7194
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions...
GHSA-JHGP-HVJ6-X2P2 Stored Cross-Site Scripting in tianma-static
All versions of tianma-static are vulnerable to stored cross-site scripting (XSS). The vulnerability is exploitable if a user can control the name of a file that is served by tianma-static. Recommendation: As no fix is available for this vulnerability at this time, it is our recommendation to use...
Design/Logic Flaw
In Advantech WebAccess versions V8.220170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified...
PHPCMS V9 getwebshell exploit and fix-vulnerability warning-the black bar safety net
Without any permission, directly to get WEBSHELL on. and... Actually. in. There is a condition limit, and have PHP parse the vulnerability of the host to pass to kill.... Life on the outside, the most important not many friends but, super long standby. I'm Edison, you know me. Detailed descriptio...