CVE-2023-3330
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a...
A vulnerability in the C-Bus Toolkit software, caused by improper limitation of a path name to a restricted directory, allows an attacker to execute arbitrary code.
The vulnerability in the C-Bus Toolkit software exists due to improper limitation of a path name to a restricted directory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2023-3650 · Unknown · Spidercontrol Scada Web Server
Name of the Vulnerable Software and Affected Versions: SpiderControl SCADA Webserver versions 2.08 and prior Description: The issue exists due to incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to cause a...
A vulnerability in the dialog/select_media.php implementation of the DedeCMS content management system allows attackers to read arbitrary files.
The vulnerability in the dialog/select_media.php implementation of the DedeCMS content management system is related to improper limitation of a path name to a restricted directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary files...
A vulnerability in the uploadMib function of the D-View 8 network device management platform allows an attacker to delete arbitrary files.
The vulnerability in the uploadMib function of the D-View 8 network device management platform is related to improper limitation of a path name to a restricted directory. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files...
A vulnerability in the uploadFile function of the D-View 8 network device management platform allows an attacker to create arbitrary files.
The vulnerability in the uploadFile function of the D-View 8 network device management platform is related to improper limitation of a path name to a restricted directory. Exploiting this vulnerability could allow a malicious actor to create arbitrary files remotely...
A vulnerability in the TftpReceiveFileHandler component of the D-View 8 network device management platform allows an attacker to execute arbitrary code within the kernel context.
The vulnerability in the TftpReceiveFileHandler component of the D-View 8 network device management platform is related to improper limitation of a path name to a restricted directory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code within the kerne...
A vulnerability in GitLab, the Git-based platform for collaborative code development, arises from improper limitation of a path name to a restricted directory. It allows a malicious actor to gain unauthorized access to protected information.
The vulnerability in GitLab, the Git-based platform for collaborative code development, is related to improper limitation of a path name to a restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to...
A vulnerability in the C-Bus Toolkit software exists due to improper limitation of a path name to a restricted directory. It allows an attacker to execute arbitrary code.
The vulnerability in the C-Bus Toolkit software exists due to improper limitation of a path name to a restricted directory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
A vulnerability in the WEB_DisplayPage() function of D-Link’s DAP-2020 and DAP-1360 wireless access points allows an intruder to gain unauthorized access to protected information.
The vulnerability in the WEB_DisplayPage function of D-Link’s DAP-2020 and DAP-1360 wireless access points is related to improper limitation of a path name to a restricted directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected...
A vulnerability in the getLocalePrefix function in ResourceManager.java of the Eclipse Mojarra library, an implementation of EE4J Eclipse for the Jakarta Faces specification, allows an attacker to gain unauthorized access to protected information.
The vulnerability in the getLocalePrefix function in the ResourceManager.java file of the Eclipse Mojarra library, an implementation of EE4J Eclipse for the Jakarta Faces specification, is related to improper limitation of a path name to a restricted directory. Exploiting this...
CVE-2023-32985
The CVE-2023-32985 issue affects the Jenkins Sidebar Link Plugin (version 2.2.1 and earlier). It allows path traversal by not properly restricting the path of files during a form-validation operation, enabling attackers with Overall/Read permission to check whether an attacker-specified file path...
PT-2023-7454 · Aruba · Aruba Edgeconnect Enterprise
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise affected versions not specified Description: The issue is related to vulnerabilities in the command line interface of the Aruba EdgeConnect Enterprise platform. These vulnerabilities allow remote authenticated use...
Directory traversal
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax `--8<--"/etc/passwd"` or `--8<--"/proc/self/environ"` the content of these files will be rendered in the...
CVE-2023-31476
An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path are no more than 6 characters; the working directory is /www...
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server, caused by improper limitation of a path name to a restricted directory, allows attackers to gain unauthorized access to protected information.
The vulnerability in Hitachi Vantara Pentaho Business Analytics Server relates to improper limitation of a path name to a restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
A vulnerability in the command-line interface of ArubaOS systems allows an attacker to delete arbitrary files.
The vulnerability in the command-line interface of ArubaOS systems is related to improper limitation of a path name to a restricted directory. Exploiting this vulnerability could allow a remote attacker to delete arbitrary files...
A vulnerability in the ZoneMinder video surveillance software, caused by improper limitation of a path name to a restricted directory, allows an intruder to execute arbitrary code.
The vulnerability in the ZoneMinder video surveillance software relates to improper limitation of a path name to a restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted file to the server...
A vulnerability in the SAPRSBRO component of the SAP NetWeaver AS ABAP and SAP NetWeaver ABAP software integration platforms allows attackers to overwrite arbitrary files.
The vulnerability in the SAPRSBRO component of the SAP NetWeaver AS ABAP and SAP NetWeaver ABAP software integration platforms is related to improper limitation of a path name to a restricted directory. Exploiting this vulnerability could allow a malicious actor to overwrite arbitrary...
A vulnerability in the FortiOS operating systems arises from improper limitation of path names to restricted directories, allowing attackers to read and write arbitrary files.
The vulnerability in the FortiOS operating systems is related to improper limitation of path names to restricted directories. Exploiting this vulnerability allows an attacker to read and write arbitrary files by executing commands in the command line interface...