406 matches found

BDU FSTEC
added 2024/01/31 12:0 a.m. · 2 views

The vulnerability of the Import Certificate function in the Nginx UI server’s user interface allows a perpetrator to gain access to read, modify, and delete data, as well as execute arbitrary code.

The vulnerability of the Import Certificate function in the Nginx UI server’s user interface is related to incorrect restrictions on the path names for sslcertificatepath, sslcertificatekeypath, sslcertificate, and sslcertificatekey, which have limited access. Exploiting this vulnerability could...

CVSS 10 · AI score 8.1 · EPSS 0.00699
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/01/29 12:0 a.m. · 4 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from an incorrect limitation on the path name for the restricted access directory. This allows a malicious user to write files to arbitrary locations on the server when creating a working area.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to an incorrect restriction on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to perform file writing operations at arbitrary locations o...

CVSS 9.9 · AI score 8.2 · EPSS 0.03302
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/01/27 12:0 a.m. · 6 views

PT-2024-1417 · Agent Dvr · Agent Dvr

Name of the Vulnerable Software and Affected Versions: Agent DVR version 5.1.6.0 Description: The issue is related to the Backup/Restore function in Agent DVR software, which is used for video surveillance. It involves incorrect restriction of the path name to a directory with limited access...

CVSS 10 · AI score 8.2 · EPSS 0.01401
Exploits 1 · References 10

Positive Technologies
added 2024/01/25 12:0 a.m. · 3 views

PT-2024-1286

Name of the Vulnerable Software and Affected Versions GitLab versions 16.0 through 16.5.7 GitLab versions 16.6 through 16.6.5 GitLab versions 16.7 through 16.7.3 GitLab versions 16.8 through 16.8.0 Description The issue is related to an incorrect restriction of the path name to a directory with...

CVSS 9.9 · AI score 7.5 · EPSS 0.03302
Exploits 0 · References 80

BDU FSTEC
added 2024/01/22 12:0 a.m. · 2 views

The vulnerability of the NEXO-OS operating system in the Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner tools for installation work on production lines allows a perpetrator to load any desired files.

The vulnerability of the NEXO-OS operating system for tools used in production line assembly work, such as the Bosch Nexo cordless nutrunner and the Bosch Nexo special cordless nutrunner, is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this...

CVSS 6.8 · AI score 6.7 · EPSS 0.00778
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/01/12 12:0 a.m. · 2 views

The vulnerability of the OPNsense operating system arises from an incorrect limitation on the path to the restricted access directory. This allows a malicious user to execute arbitrary commands with root privileges.

The vulnerability of the OPNsense operating system exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root privileges using a specially created ZI...

CVSS 10 · AI score 7.5 · EPSS 0.01138
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2024/01/08 12:0 a.m. · 3 views

PT-2024-1178 · Nexo-Os · Nexo-Os

Name of the Vulnerable Software and Affected Versions: NEXO-OS affected versions not specified Description: The issue allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. This is due to...

CVSS 6.8 · AI score 6.3 · EPSS 0.00778
Exploits 0 · References 7

BDU FSTEC
added 2023/12/27 12:0 a.m. · 2 views

The vulnerability of the Xreader software for viewing electronic documents lies in the incorrect restriction on the path name to the restricted access directory, allowing a perpetrator to execute arbitrary code.

The vulnerability of the Xreader software for viewing electronic documents is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a hacker to execute arbitrary code by having the user open a specially crafted EPUB or CBT...

CVSS 7.8 · AI score 7.6 · EPSS 0.0177
Exploits 1 · References 5 · Affected Software 2

BDU FSTEC
added 2023/12/21 12:0 a.m. · 2 views

The vulnerability of the Welcart eCommerce plugin for the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the Welcart eCommerce plugin for the WordPress content management system is related to an incorrect restriction on the path to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10 · AI score 8.2 · EPSS 0.05116
Exploits 2 · References 2 · Affected Software 1

BDU FSTEC
added 2023/12/21 12:0 a.m. · 3 views

The vulnerability of OMICARD’s marketing mailing system lies in the improper restriction on the path name to the restricted directory. This allows attackers to bypass the authentication process and upload arbitrary files.

The vulnerability of OMICARD’s marketing email system is related to incorrect restrictions on the path name to the restricted directory during the processing of the FileName parameter. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and upload arbitrary...

CVSS 7.8 · AI score 7.3 · EPSS 0.01314
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2023/12/19 12:0 a.m. · 3 views

The vulnerability of the APC Easy UPS Online Monitoring Software lies in the incorrect limitation of the path to the restricted directory. This allows a hacker to delete any files they desire.

The vulnerability of the APC Easy UPS Online Monitoring Software relates to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker to delete arbitrary files...

CVSS 5.3 · AI score 6.5 · EPSS 0.00238
Exploits 0 · References 4 · Affected Software 1

Rosalinux
added 2023/12/12 12:21 p.m. · 32 views

Advisory ROSA-SA-2023-2305

software: suricata 6.0.13 WASP: ROSA-CHROME packageevrstring: suricata-6.0.13-1.src.rpm CVE-ID: CVE-2023-35852 BDU-ID: 2023-06800 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to an incorrect restriction of the path name of a...

CVSS 9.8 · AI score 7.9 · EPSS 0.00896
Exploits 0

BDU FSTEC
added 2023/12/12 12:0 a.m. · 1 view

The vulnerability of the built-in document editing server Collabora Online – the CODE Server (richdocumentscode) – is related to an incorrect limitation on the path to the restricted access directory. This allows a malicious user to execute arbitrary commands.

The vulnerability of the built-in document editing server Collabora Online – CODE Server richdocumentcode is related to an incorrect limitation on the path to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...

CVSS 7.2 · AI score 7.5 · EPSS 0.00496
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2023/12/06 12:0 a.m. · 2 views

The vulnerability of the Trend Micro Mobile Security software for mobile devices lies in its improper path name limitation for the restricted access directory, which allows a hacker to delete any files they want.

The vulnerability of the Trend Micro Mobile Security software relates to an incorrect restriction on the path to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files...

CVSS 9.4 · AI score 7.9 · EPSS 0.68941
Exploits 1 · References 4

BDU FSTEC
added 2023/12/06 12:0 a.m. · 3 views

The vulnerability of the Delta Electronics InfraSuite Device Master software for real-time device monitoring lies in improper restrictions on path names to the directory. This allows attackers to disclose user information, obtain login credentials in plain text, or perform NTLM relay attacks.

The vulnerability of the Delta Electronics InfraSuite Device Master software for real-time device monitoring is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability can allow a malicious actor to disclose user information, obtain login credentials in...

CVSS 7.8 · AI score 7.2 · EPSS 0.01118
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2023/12/06 12:0 a.m. · 1 view

The vulnerability of the account_print.cgi component in the firmware for Zyxel USG FLEX and VPN devices allows a hacker to execute arbitrary commands.

The vulnerability of the accountprint.cgi component in the Zyxel USG FLEX and VPN network devices is related to an incorrect limitation on the path name to the tmp directory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 7.9 · AI score 7.5 · EPSS 0.01033
Exploits 0 · References 5 · Affected Software 2

Positive Technologies
added 2023/11/28 12:0 a.m. · 4 views

PT-2023-7439 · Delta Electronics · Infrasuite Device Master

Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master version 1.0.7 Description: A vulnerability exists in Delta Electronics InfraSuite Device Master that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtai...

CVSS 7.8 · AI score 7.3 · EPSS 0.01118
Exploits 0 · References 7

Positive Technologies
added 2023/11/27 12:0 a.m. · 3 views

PT-2023-32210 · Tacc · Tacc Epo Extension

Name of the Vulnerable Software and Affected Versions: TACC ePO extension versions prior to 8.4.0 Description: The issue is related to an improper limitation of a path name to a restricted directory, which could allow an authorized administrator attacker to execute arbitrary code by uploading a...

CVSS 8.4 · AI score 7.2 · EPSS 0.00937
Exploits 0 · References 3

BDU FSTEC
added 2023/11/11 12:0 a.m. · 2 views

The vulnerability of the /api/upload component of the software platform zdir allows a perpetrator to execute arbitrary code.

The vulnerability of the /api/upload component in the zdir application exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using a specially created .ssh fil...

CVSS 9 · AI score 8.1 · EPSS 0.01226
Exploits 1 · References 3 · Affected Software 1

BDU FSTEC
added 2023/11/04 12:0 a.m. · 1 view

The vulnerability of the Learning Module component of the ILIAS learning management and support system allows attackers to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the Learning Module component of the ILIAS learning management and support system exists due to an incorrect restriction on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity...

CVSS 8.5 · AI score 7.5 · EPSS 0.01106
Exploits 1 · References 3 · Affected Software 1