BIT-MOODLE-2020-14322
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yuicombo needed to limit the amount of files it can load to help mitigate the risk of denial of service...
The vulnerability of the application programming interface for backup/restore services provided by the Apache Solr search server allows a hacker to execute arbitrary code within the system.
The vulnerability of the application programming interface for backup/restore services provided by the Apache Solr search server lies in the lack of restrictions on the loading of files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the system remotely...
The vulnerability of the Apache InLong data integration platform lies in its reliance on files and directories accessible to external parties, allowing attackers to execute arbitrary code.
The vulnerability of the Apache InLong data integration platform lies in the use of files and directories accessible to external parties due to incorrect restrictions on the path to the restricted directory during file loading. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the SCP utility for access control and remote authentication, as well as software such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Carrier-Grade NAT (CGNAT), BIG-IP DDoS Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP SSL Orchestrator, BIG-IP WebAccelerator, and BIG-IP WebSafe, is related to unrestricted resource allocation. This allows attackers to execute arbitrary commands.
The vulnerability of the SCP utility for access control and remote authentication, as well as software such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP...
The vulnerability of the File Transfer Protocol (FTP) implementation in the microprogrammed networking devices of ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, USG FLEX H, and ATP allows a perpetrator to execute arbitrary commands.
The vulnerability of the File Transfer Protocol (FTP) implementation in microprogrammed network devices such as ZyXEL USG FLEX, USG FLEX 50W/USG20W-VPN, USG FLEX H, and ATP lies in the lack of measures to neutralize special elements used in operating system commands during the loading of binary...
The vulnerability of the core.mediamanager component in the SCHLIX CMS content management system allows a hacker to execute arbitrary code.
The vulnerability of the core.mediamanager component in the SCHLIX CMS content management system is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the file loading function of the corporate cloud storage system HGiga OAKlouds allows an attacker to execute arbitrary code.
The vulnerability of the file loading function of the corporate cloud storage system HGiga OAKlouds relates to the unlimited loading of dangerous types of files. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially crafted file...
The vulnerability of the microprogrammed control units Saho ADM100 and ADM-100FP lies in the possibility of unlimited loading of dangerous files, allowing an intruder to execute arbitrary commands.
The vulnerability of the microprogrammed control units Saho ADM100 and ADM-100FP lies in the ability to download files of a malicious nature without limitation. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely by introducing specially crafted files...
The vulnerability of the file loading component of the Oracle Web Applications Desktop Integrator software allows an attacker to compromise the confidentiality and integrity of the protected information.
The vulnerability of the file loading component of the Oracle Web Applications Desktop Integrator software relates to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of protected information through the use of...
The vulnerability of PMB electronic document management software lies in its ability to download files of a malicious nature without limitation. This allows attackers to execute arbitrary code and increase their privileges.
The vulnerability of PMB electronic document management software is related to the unlimited loading of dangerous types of files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely and increase their privileges through a specially created PHP file...
EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2023-3445)
According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities:
- In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value...
The vulnerability of the BMP Logo Handler component in the BIOS AMI AptioV configuration tool allows a hacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the BMP Logo Handler component in the BIOS AMI AptioV setup tool involves the unlimited loading of dangerous files. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the Custom Includes module in the Nagios XI monitoring tool allows a hacker to execute arbitrary code and gain unauthorized access to protected information.
The vulnerability of the Custom Includes module in Nagios XI is related to the unlimited loading of files of a dangerous type. Exploiting this vulnerability allows a malicious actor to execute arbitrary code and gain unauthorized access to protected information...
The vulnerability of the Apache Struts software platform, related to the use of files and directories accessible to external parties, allows a hacker to execute arbitrary code.
The vulnerability of the Apache Struts software platform is related to the use of files and directories accessible to external parties due to incorrect restrictions on the path to the restricted directory during file loading. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers (MP70, RV50x, RV55, LX40, LX60, ES450, GX450) allows a hacker to execute arbitrary scripts and trigger a system reboot.
The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers (MP70, RV50x, RV55, LX40, LX60, ES450, GX450) is related to the ability to load files of a malicious nature without limitation. Exploiting this vulnerability allows an attacker to execute...
The vulnerability of the file loading function of Cisco Firepower Management Center (FMC) software allows a hacker to load any desired files.
The vulnerability of the file loading function of Cisco Firepower Management Center (FMC) software lies in insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to load any desired files...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to load arbitrary files.
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform relates to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to load any desired files...
CVE-2021-22151
It was discovered that Kibana was not validating a user-supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension...
Design/Logic Flaw
It was discovered that Kibana was not validating a user-supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension...
PT-2023-12041 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified
Description: A security issue was found in Kibana where it failed to validate a user-supplied path, allowing the loading of .pbf files. This could enable a malicious user to traverse the Kibana host and...