The vulnerability in the Avalanche mobile device management web component allows a hacker to execute arbitrary commands with SYSTEM privileges.
The vulnerability of the Avalanche mobile device management web component is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with SYSTEM privileges remotely...
The vulnerability in the Avalanche mobile device management web component allows a hacker to execute arbitrary commands with SYSTEM privileges.
The vulnerability of the Avalanche mobile device management web component is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with SYSTEM privileges remotely...
The vulnerability of the Avalanche device management system, related to incorrect restrictions on the path name to the restricted access directory, allows a perpetrator to execute arbitrary commands with SYSTEM privileges.
The vulnerability of the Avalanche device management system is related to incorrect restrictions on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with SYSTEM privileges remotely...
The vulnerability in the Avalanche mobile device management web component allows a hacker to delete any files they desire.
The vulnerability of the Avalanche mobile device management web component is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to delete any files they desire...
The vulnerability in the Avalanche mobile device management web component allows a hacker to execute arbitrary commands with SYSTEM privileges.
The vulnerability of the Avalanche mobile device management web component is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with SYSTEM privileges remotely...
The vulnerability of the Jenkins Git Log Command plugin involves an incorrect restriction on the path name for the restricted directory. This allows a malicious user to read the content of any arbitrary file.
The vulnerability of the Jenkins Git Log Command plugin is related to the operation of the command syntax analyzer function. This function replaces an “@” symbol followed by a file path in an argument with the file’s content. Exploiting this vulnerability allows an attacker...
PT-2024-3202 · Microsoft · Defender For Iot
Name of the Vulnerable Software and Affected Versions: Microsoft Defender for IoT affected versions not specified Description: The issue is related to incorrect restriction of a directory path with limited access. Exploitation of this issue may allow a remote attacker to execute arbitrary code...
The vulnerability of the Pulsar Functions Worker module of Apache Pulsar, a cloud platform for distributed messaging and streaming, allows a hacker to execute arbitrary code.
The vulnerability of the Pulsar Functions Worker module of Apache Pulsar, a cloud platform for distributed messaging and streaming, involves an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The issue with the Apache Ivy package manager, related to an incorrect restriction on the path to the restricted directory, allows an attacker to write arbitrary files into the file system.
The vulnerability of the Apache Ivy package manager is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to write arbitrary files into the file system...
A vulnerability in the Apache Ivy package manager, caused by incorrect restrictions on the path name to the restricted directory, allows unauthorized users to gain access to the file system.
The vulnerability of the Apache Ivy package manager is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the file system...
The vulnerability of the firmware for UniLogic Studio programmable logic controllers of the UniStream series arises from incorrect restrictions on the path name to the restricted-access directory. This allows attackers to execute arbitrary code.
The vulnerability of the firmware for UniLogic Studio programmable logic controllers of the UniStream series is related to an incorrect restriction on the path name of the restricted access directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrar...
The vulnerability of the `testngXmlExistsInJar` function (testng-core/src/main/java/org/testng/JarFileUtils.java) in the TestNG testing framework allows an attacker to execute arbitrary code.
The vulnerability of the testngXmlExistsInJar function testng-core/src/main/java/org/testng/JarFileUtils.java in the TestNG testing framework is related to an incorrect path limitation for the restricted access directory. Exploiting this vulnerability could allow a malicious actor, operating...
The vulnerability of the TP-Link JetStream TL-SG2210P switch’s firmware lies in the incorrect limitation of the path name to the restricted access directory, allowing attackers to escalate their privileges.
The vulnerability of the TP-Link JetStream TL-SG2210P switch’s firmware is related to an incorrect restriction on the path name of the restricted access directory. Exploiting this vulnerability can allow a remote attacker to escalate their privileges...
Cisco 9900 Series Phone Arbitrary File Download (CVE-2013-3426)
The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810. This plugin only works with Tenable.ot. Please visit...
CVE-2024-1303
Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality...
Design/Logic Flaw
Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality...
The vulnerability of the codeplex-codehaus framework built with Apache Maven allows a hacker to gain unauthorized access to arbitrary files and directories.
The vulnerability of the codeplex-codehaus framework built with Apache Maven is related to an incorrect restriction on the path name for the restricted access directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to arbitrary files...
The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services arises from incorrect restrictions on the path to the restricted access directory. This allows attackers to gain unauthorized access to confidential information.
The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services is related to an incorrect limitation on the path to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to confidential...
The vulnerability of the backup/restore function of the video surveillance software Agent DVR allows an intruder to execute arbitrary code and upload arbitrary files.
The vulnerability of the Backup/Restore function of the video surveillance software for DVR systems is related to incorrect restrictions on the path to the restricted-access directory. Exploiting this vulnerability could allow an attacker to execute arbitrary commands and upload arbitrary files...
The vulnerability of the args4j plugin for Jenkins’ Git server allows a hacker to read the first two lines of arbitrary files.
The vulnerability of the args4j library plugin for Jenkins’ Git server plugin is related to an incorrect restriction on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor to read the first two lines of arbitrary files...