321 matches found
The vulnerability of the application software interface of the Cisco Identity Services Engine (ISE) platform allows a perpetrator to load files into any location within the operating system of the affected device.
The vulnerability of the application software interface of the Cisco Identity Services Engine (ISE) management platform is related to improper limitation of a path name to a restricted directory. Exploiting this vulnerability could allow a malicious actor to load files into any location within...
CVE-2021-37626
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...
The vulnerability of the cloud integrated development environment (IDE) Atheos lies in the lack of file loading restrictions, which allows attackers to read, modify, or execute any files on the server.
The vulnerability of the cloud integrated development environment (IDE) Atheos relates to the absence of file loading restrictions. Exploiting this vulnerability allows a malicious actor to remotely read, modify, or execute any files on the server...
The vulnerability of the getMimeType function in the Voyager PHP framework Laravel allows a hacker to execute arbitrary code.
The vulnerability of the getMimeType function in the Voyager PHP framework Laravel relates to the unlimited loading of files of a dangerous type. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user opens a specially crafted file...
The vulnerability of SAP NetWeaver AS Java software integration platforms lies in the unlimited loading of dangerous files, which allows attackers to execute cross-site scripting attacks.
The vulnerability of SAP NetWeaver AS Java software integration platforms is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
Buffer Over-read
Overview: Affected versions of this package are vulnerable to Buffer Over-read through the loading of a specially crafted file. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-musl-x64 to version 8.0.12, 9.0.1 or higher. References: GitHub Issue, GitHub Issue, Security Advisory...
Buffer Over-read
Overview: Affected versions of this package are vulnerable to Buffer Over-read through the loading of a specially crafted file. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 8.0.12, 9.0.1 or higher. References: GitHub Issue, GitHub Issue, Security Advisory...
Buffer Over-read
Overview: Affected versions of this package are vulnerable to Buffer Over-read through the loading of a specially crafted file. Remediation: Upgrade Microsoft.NETCore.App.Runtime.osx-arm64 to version 8.0.12, 9.0.1 or higher. References: GitHub Issue, GitHub Issue, Security Advisory...
Buffer Over-read
Overview: Affected versions of this package are vulnerable to Buffer Over-read through the loading of a specially crafted file. Remediation: Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 8.0.12, 9.0.1 or higher. References: GitHub Issue, GitHub Issue, Security Advisory...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the loading of a specially crafted file. Remediation: Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 8.0.12, 9.0.1 or higher. References: GitHub Issue...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the loading of a specially crafted file. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-arm64 to version 8.0.12, 9.0.1 or higher. References: GitHub Issue...
The vulnerability of software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network lies in cross-site request forgery. This allows a perpetrator to carry out a CSRF attack.
The vulnerability of software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow a remote attacker to...
CVE-2022-48063
...
The vulnerability of the command-line interface (CLI) of the Instant AOS-8 and AOS-10 operating systems allows a hacker to execute arbitrary commands.
The vulnerability of the command-line interface (CLI) of the Instant AOS-8 and AOS-10 operating systems is related to the lack of restrictions on the loading of files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the firmware of the ASPECT Enterprise, NEXUS Series, and MATRIX Series embedded network control devices allows for unlimited loading of malicious files, enabling attackers to introduce harmful code into the system.
The vulnerability of the firmware of the ASPECT Enterprise, NEXUS Series, and MATRIX Series embedded network control devices is related to the unlimited loading of malicious files. Exploiting this vulnerability allows a remote attacker to inject malicious code into the system...
The vulnerability of the python3.dll library, which is an interpreter for the Python programming language, allows attackers to compromise the integrity and availability of protected information.
The vulnerability of the python3.dll library, which is responsible for interpreting Python programming language code, is related to the use of an invalid search path during the loading of the vulnerable file after the PySetPath function is called. Exploiting this vulnerability could allow a...
CVE-2024-47187 Suricata datasets: missing hashtable random seed leads to potential DoS
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to us...
The vulnerability of the SAP Business Objects Business Intelligence Platform lies in its ability to download files of a dangerous type without limitation, allowing an attacker to execute arbitrary code.
The vulnerability of the SAP Business Objects Business Intelligence Platform relates to the unlimited loading of dangerous files. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...