406 matches found
The vulnerability of the ColdFusion software platform arises from incorrect restrictions on the path to the restricted directory. This allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the ColdFusion software platform exists due to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the goiscsi and gobrick libraries of the Dell Container Storage Module allows a perpetrator to execute arbitrary commands.
The vulnerability of the goiscsi and gobrick libraries in the Dell Container Storage Module system exists due to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability in the setup.php script of the software installer for managing medical organizations like OpenEMR allows a malicious individual to gain unauthorized access to protected information.
The vulnerability in the setup.php script of the software for managing medical organizations like OpenEMR relates to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
SUSE CVE-2019-3696
An Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise...
The vulnerability of the Grafana data visualization web tool lies in the incorrect limitation of the path name to the restricted directory, allowing attackers to read arbitrary files.
The vulnerability of the Grafana data processing web tool is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files using a specially created HTTP request...
The vulnerability of the CachingResourceDownloadRewriteRule implementation in the Jira bug tracking system allows a hacker to access files in the root directory.
The vulnerability of the CachingResourceDownloadRewriteRule implementation in the Jira bug tracking system is related to an incorrect limitation on the path to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to gain access to files in the root director...
CVE-2023-24449
CVE-2023-24449 refers to the PWauth Security Realm Plugin for Jenkins (version 0.4 and earlier). The issue is a path traversal-like flaw where file-name restrictions are not applied in form-validation code, enabling attackers with Overall/Read permission to check for the existence of an attacker-...
The vulnerability in the web interface of the software for managing SINEC INS network infrastructure allows a perpetrator to execute arbitrary code.
The vulnerability in the web interface of the SINEC INS network infrastructure management software exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading arbitrar...
PT-2023-1098 · Zoom · Zoom
Name of the Vulnerable Software and Affected Versions: Zoom for Android versions prior to 5.13.0 Description: The issue is related to incorrect restriction of the path name to a directory with limited access, allowing a third-party app to exploit this and read and write to the Zoom application da...
The vulnerability of the FortiSandbox threat detection and mitigation system lies in its improper restriction on the path to the restricted directory. This allows a violator to gain unauthorized access to protected information.
The vulnerability of the FortiSandbox threat detection and mitigation system is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of Huawei FusionCube’s supervisor, related to incorrect restrictions on the path name to the restricted directory, allows an intruder to disclose protected information.
The vulnerability of Huawei FusionCube relates to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information through a specially crafted HTTP request...
The vulnerability of the Huawei PCManager file transfer application lies in the incorrect limitation of the path name for the restricted access directory. This allows a perpetrator to move files along a specified path.
The vulnerability of the Huawei PCManager file transfer application lies in improper restrictions on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to transfer files through a specified path...
Alist path traversal vulnerability
Alist is a file listing program with multi-storage support from the individual developer Xhofe in China. A security vulnerability exists in Alist version v3.4.0, which can be exploited by attackers to bypass the base path restriction...
CVE-2022-46255
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite...
The vulnerability of the command-line interface (CLI) of the Fortinet FortiAP-U firmware allows a malicious actor to gain unauthorized access to read, modify, and delete files, as well as execute arbitrary commands.
The vulnerability of the command-line interface (CLI) of the Fortinet FortiAP-U firmware lies in incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, and delete files, as wel...
The vulnerability of the local disk management function of the Cisco Identity Services Engine (ISE) allows an attacker to load files into arbitrary locations within the system.
The vulnerability of the local disk management function of the Cisco Identity Services Engine ISE is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to upload files to arbitrary locations in the...
PT-2022-6015
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Software (affected versions not specified); Cisco SD-WAN vBond Orchestrator; Cisco SD-WAN vEdge Cloud Routers; Cisco SD-WAN vEdge Routers; Cisco SD-WAN vSmart Controller; Cisco SD-WAN vManage. Description: A flaw exists in the Command Line...
Security Bulletin: Lack of path restriction may allow access to sensitive data stored on Information Server Engine (CVE-2012-4818)
Abstract Security Bulletin: Lack of path restriction may allow access to sensitive data stored on Information Server Engine CVE-2012-4818 Content VULNERABILITY DETAILS: CVE ID: CVE-2012-4818 DESCRIPTION: Whenever an Information Server client application such as InfoSphere DataStage and QualitySta...
The vulnerability in the web interface of the iBoot-PDU switched managed power distribution unit (PDU) allows an attacker to write a file to the web root directory.
The vulnerability in the web interface of the iBoot-PDU switched managed power distribution unit (PDU) is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to write a file to the web root directory...
The vulnerability of the Passwork password manager, related to incorrect restrictions on the path to the restricted directory, allows a violator to upload any files into the system.
The vulnerability of the Passwork password manager is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to upload arbitrary files into the system remotely...