Multiple vulnerabilities in Edgecross Basic Software for Windows

Overview Edgecross Basic Software for Windows provided by Edgecross Consortium contains multiple vulnerabilities listed below. Incorrect default permissions CWE-276 - CVE-2024-4229 External control of file name or path CWE-73 - CVE-2024-4230 Edgecross Consortium reported these vulnerabilities to...

PT-2024-39453 · Olgu Computer Systems · E-Belediye

Name of the Vulnerable Software and Affected Versions: Olgu Computer Systems e-Belediye versions prior to 2.0.642 Description: The issue allows external control of file name or path due to incorrect permission assignment for critical resources, enabling manipulation of web input to file system...

CVE-2024-3980

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application...

Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs

Overview MFPs multifunction printers provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' CWE-776 - CVE-2024-27141, CVE-2024-27142 Execution with...

CVE-2024-25965

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service...

Dell PowerScale OneFS 安全漏洞

Dell PowerScale OneFS is a proprietary operating system developed by Dell for its PowerScale horizontally scalable NAS network attached storage solution. Dell PowerScale OneFS has an external control of file name or path vulnerability that can be exploited by an attacker to cause a denial of...

CVE-2023-5247

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in...

VulnCheck KEV: CVE-2022-39952

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

CVE-2023-1105

CVE-2023-1105 affects FlatPress prior to v1.3 in the flatpressblog/flatpress repository. The root cause is external control of file names or paths, enabling manipulation of file targets. Impact is described as the ability to influence filenames/paths; exploitation status is not provided in the do...

Xxe

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...

CVE-2023-1070

CVE-2023-1070 affects TeamPass (nilsteampassnet/teampass) prior to version 3.0.0.22. The issue is described as External Control of File Name or Path, enabling an attacker to delete arbitrary files through manipulation of file names/paths. The root cause is a vulnerability in how file names/paths ...

CVE-2023-1070 External Control of File Name or Path in nilsteampassnet/teampass

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...

CVE-2022-39952

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

CVE-2022-39952

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

PT-2023-1417 · Fortinet · Fortinac

Name of the Vulnerable Software and Affected Versions: FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.7, 9.2.0 through 9.2.5, 9.4.0 Description: The issue is related to incorrect external control of file name or path...

SUSE CVE-2018-1000532

beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users...

CVE-2022-45918

ILIAS before 7.16 allows External Control of File Name or Path...

CVE-2022-2400

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...

Fortinet FortiClient 安全漏洞

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient...

CVE-2022-1119

The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the /includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in...