321 matches found
The vulnerability in the C-Bus Toolkit software is caused by improper limitation of a pathname to a restricted directory, allowing an attacker to execute arbitrary code.
The vulnerability in the C-Bus Toolkit software is caused by improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code during the file loading process...
The vulnerability in the web interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P router software allows an attacker to cause service interruptions.
The vulnerability in the web interface of the firmware of Cisco Small Business RV340, RV340W, RV345, and RV345P routers is caused by the absence of restrictions on file uploads. Exploiting this vulnerability can allow a malicious actor to cause service failures by uploading arbitrary files onto...
The vulnerability in the File Manager component of Webmin, a web interface for system administration of UNIX-like operating systems, allows an attacker to escalate their privileges or execute arbitrary code.
The vulnerability in the File Manager component of Webmin, a web interface for system administration of UNIX-like operating systems, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows an attacker to escalate their privileges or execute arbitrary code by...
iRZ Mobile Router - CSRF to Remote Code Execution Exploit
Exploit Title: iRZ Mobile Router - CSRF to RCE Google Dork: intitle:"iRZ Mobile Router" Exploit Author: Stephen Chavez & Robert Willis Vendor Homepage: https://en.irz.ru/ Software Link: https://github.com/SakuraSamuraii/ez-iRZ Version: Routers through 2022-03-16 Tested on: RU21, RU21w, RL21, RU41...
The vulnerability in the SAP Business One resource management system is caused by a lack of restrictions on file uploads, allowing an attacker to upload and execute arbitrary files.
The vulnerability in the SAP Business One resource management system is caused by a lack of restrictions on file uploads. Exploiting this vulnerability allows a malicious actor to upload and execute arbitrary files remotely...
The vulnerability in the PHP framework Laravel, related to unrestricted upload of dangerous file types, allows attackers to execute arbitrary code.
The vulnerability in the PHP framework Laravel is related to unrestricted upload of dangerous file types. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2021-37938
It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Coutur...
Open Design Alliance Drawings SDK Buffer Error Vulnerability
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The development package provides access to data in .dwg and .dgn through a convenient, object-oriented API that provides a C API, support for repair files, support for t...
Kibana 7.15.2 Security Update
Kibana Path Traversal issue ESA-2021-26 It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the...
Directory traversal
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution...
The vulnerability in Honeywell’s industrial portable computer operating system is caused by a lack of restrictions on file uploads, allowing an attacker to execute arbitrary code on the server.
The vulnerability in Honeywell’s industrial portable computer operating system is caused by a lack of restrictions on file uploads. Exploiting this vulnerability allows a remote attacker to execute arbitrary code on the server...
PT-2021-15141 · Google · Slo Generator
Name of the Vulnerable Software and Affected Versions: SLO Generator versions prior to the version including https://github.com/google/slo-generator/pull/173 Description: The SLO generator has an issue where it allows for the loading of YAML files. If these files are crafted in a specific format,...
The vulnerability lies in the implementation of the /woocommerce-stock-manager/trunk/admin/views/import-export.php function, which handles import/export operations for the WooCommerce Stock Manager plugin for the WordPress content management system. An attacker can exploit this vulnerability to perform a CSRF attack.
The vulnerability in the implementation of the /woocommerce-stock-manager/trunk/admin/views/import-export.php function, which handles import/export operations for the WooCommerce Stock Manager plugin for the WordPress content management system, is related to unrestricted upload of dangerous file types. Exploiting this...
CVE-2021-25452
An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device...
Samsung SMR Input Validation Error Vulnerability
Samsung SMR is a system patch package from Samsung South Korea. The patch program is provided for Samsung mobile applications. Samsung SMR suffers from an input validation error vulnerability in the DSP driver when loading graphic files prio...
python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code
A flaw was found in python-babel. A path traversal vulnerability was found in how locale data files are checked and loaded within python-babel, allowing a local attacker to trick an application that uses python-babel to load a file outside of the intended locale directory. The highest threat from...
Code injection
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...
The vulnerability in the Event Banner plugin for the WordPress content management system allows unrestricted upload of dangerous file types, enabling attackers to upload and execute arbitrary files.
The vulnerability in the Event Banner plugin for the WordPress content management system is related to unrestricted upload of dangerous file types. Exploiting this vulnerability allows a malicious actor to upload and execute arbitrary files remotely...
The vulnerability in the ColdFusion software platform, related to unrestricted upload of dangerous file types, allows attackers to execute arbitrary code.
The vulnerability in the ColdFusion software platform is related to unrestricted upload of dangerous file types. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...