406 matches found
The vulnerability of the Jorani employee leave management software lies in the incorrect restriction on the path to the restricted directory. This allows a hacker to execute arbitrary code.
The vulnerability of the Jorani application for Windows is related to an incorrect limitation on the path to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the SolarWinds Access Rights Manager software lies in the incorrect restriction of the path name to the restricted directory. This allows a violator to execute arbitrary code.
The vulnerability of the SolarWinds Access Rights Manager software relates to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...
The vulnerability of the SolarWinds Access Rights Manager software lies in the incorrect restriction of the path name to the restricted directory. This allows a violator to execute arbitrary code.
The vulnerability of the SolarWinds Access Rights Manager software relates to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...
The vulnerability of the Suricata intrusion detection and prevention system arises from an improper limitation on the path name to the restricted-access directory. This allows intruders to write arbitrary files into the file system.
The vulnerability of the Suricata intrusion detection and prevention system lies in the incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files into the file system...
The vulnerability of the web interface of the administration and service portal of Atos Unify OpenScape Common Management Platform allows a perpetrator to bypass security restrictions and execute arbitrary code.
The vulnerability of the web interface of the Atos Unify OpenScape Common Management Platform’s administration and service portal is related to an incorrect restriction on the path to the directory. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute...
The vulnerability of the OpenRefine software for extracting and cleaning tabular data lies in the incorrect limitation of the path name to the restricted-access directory, allowing a violator to execute arbitrary code.
The vulnerability of the OpenRefine software for extracting and cleaning tabular data is related to an incorrect restriction on the path to the restricted-access directory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially crafted tar file...
The vulnerability of WS_FTP Server, related to incorrect path name restrictions for the restricted-access directory, allows attackers to circumvent security restrictions, gain unauthorized read, modify, or delete access to data, and execute arbitrary commands.
The vulnerability of WS_FTP Server is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability allows an attacker to bypass security restrictions, gain unauthorized read, edit, or delete access to data, and execute arbitrary commands...
The vulnerability of the Watchkit application development framework of the HarmonyOS operating system allows a hacker to compromise data confidentiality and integrity.
The vulnerability of the Watchkit framework for application development in the HarmonyOS operating system is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to compromise data confidentiality and...
CVE-2023-38344
An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an...
The vulnerability of Argo CD, the declarative GitOps delivery tool for Kubernetes, related to deficiencies in pathname restrictions for directories, allows attackers to gain unauthorized access to protected information.
The vulnerability of Argo CD, the GitOps continuous delivery tool for Kubernetes, is related to shortcomings in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
ROS-20230911-09
A vulnerability in XInclude, the XML document merge mechanism of the vector graphics rendering library librsvg, is related to incorrect restriction of a path name to a restricted directory when processing the xi:include element. Exploitation of the vulnerability may allow an intruder to gain unauthorized...
The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to execute arbitrary code.
The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability allows an attacker to execute arbitrary code using the runshellscript.py script...
The vulnerability of ScrutisWeb banknote monitoring software arises from an incorrect path limitation for the access to the restricted directory. This allows a hacker to gain direct access to any file outside of the root directory.
The vulnerability of ScrutisWeb banknote monitoring software exists due to an incorrect pathname limitation for the restricted access directory. Exploiting this vulnerability could allow a malicious actor to gain direct access to any file outside of the root directory...
The vulnerability of the Moxa TN-4900 and TN-5900 router firmware allows a hacker to create or overwrite critical files and execute arbitrary code.
The vulnerability of the Moxa TN-4900 and TN-5900 router firmware lies in the incorrect limitation on the path name to the restricted-access directory. Exploiting this vulnerability allows an attacker to create or overwrite critical files remotely, and execute arbitrary code...
The vulnerability of the VulnDownloader class in the Network Configuration Manager (NCM) software allows a hacker to execute arbitrary code.
The vulnerability of the VulnDownloader class in the Network Configuration Manager (NCM) software is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the SYSTEM context remotely...
The vulnerability in the SCADA web interface of TelWin SCADA allows a hacker to read arbitrary files.
The vulnerability of the SCADA interface of TelWin SCADA is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...
The vulnerability of the Ivanti Endpoint Manager Mobile (EPMM) application for managing the lifecycle of mobile devices and mobile applications (formerly known as MobileIron Core) lies in the improper restriction of the path name to the restricted directory. This allows a malicious user to write arbitrary files.
The vulnerability of the Ivanti Endpoint Manager Mobile (EPMM) application for managing the lifecycle of mobile devices and mobile applications (formerly known as MobileIron Core) is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could...
The vulnerability of the SAP NetWeaver software integration platform lies in the incorrect limitation of the path name to the restricted-access directory, which allows a hacker to overwrite arbitrary files.
The vulnerability of the SAP NetWeaver software integration platform is related to incorrect restrictions on the path name to the restricted-access directory. Exploiting this vulnerability allows a malicious actor to overwrite arbitrary files remotely...
The vulnerability of the command-line utility for converting HTML files into PDF format, wkhtmltopdf, arises from an incorrect limitation on the path to the restricted directory. This allows a malicious individual to disclose confidential information.
The vulnerability of the command-line utility for converting HTML files into PDF format, wkhtmltopdf, is related to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to disclose confidential information remotely...
The vulnerability of the SonicWall Analytics analytical service and the SonicWall Global Management System’s global network gateways, related to incorrect path name restrictions, allows attackers to read arbitrary files.
The vulnerability of the SonicWall Analytics analytical service and the SonicWall Global Management System’s global network gateways is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files through the...