406 matches found
The vulnerability in the ISaGRAF Workbench application development environment for programmable logic controllers arises from improper limitation of a pathname to a restricted directory. It allows attackers to escalate their privileges.
The vulnerability in the ISaGRAF Workbench development environment for programmable logic controllers is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability can allow attackers to escalate their privileges using a specially crafted...
The vulnerability in the Jenkins Deployer Framework Plugin involves improper limitation of a pathname to a restricted directory, allowing attackers to upload arbitrary files from the Jenkins controller file system.
The vulnerability in the Jenkins Deployer Framework Plugin is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to upload arbitrary files from the Jenkins controller file system remotely...
The vulnerability in the Jenkins CLIF Performance Testing Plugin lies in improper limitation of a pathname to a restricted directory, allowing attackers to create or overwrite arbitrary files on the file system.
The vulnerability in the Jenkins CLIF Performance Testing Plugin is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to create or overwrite arbitrary files on the file system remotely...
The vulnerability in the Illumina Local Run Manager software exists due to improper limitation of a pathname to a restricted directory. It allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the Illumina Local Run Manager software exists due to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information...
CVE-2022-36889
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...
PT-2022-4017 · Jenkins · Jenkins Deployer Framework Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier Description: The issue is related to the incorrect restriction of the application path when configuring a deployment, allowing attackers with Item/Configure permission to...
The vulnerability in the ASoft CRM customer relationship management system exists due to improper limitation of a pathname to a restricted directory. It allows a malicious actor to read arbitrary files.
The vulnerability in the ASoft CRM customer relationship management system exists due to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files...
The vulnerability in the OpenSSL library used by the TYCHON endpoint management tool allows an attacker to execute arbitrary code with SYSTEM privileges.
The vulnerability in the OpenSSL library used by the TYCHON endpoint management tool is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows an attacker to execute arbitrary code with SYSTEM privileges using a special...
The Schneider Electric EcoStruxure Power Commission software for configuring, testing, and commissioning is vulnerable due to improper limitation of a pathname to a restricted directory. It allows attackers to create or overwrite critical files and execute arbitrary code.
The vulnerability in the Schneider Electric EcoStruxure Power Commission software for configuring, testing, and commissioning involves improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to create or overwrite...
The vulnerability in the web interfaces of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM & Presence Service, and the Cisco Unity Connection unified messaging system allows an attacker to perform XSS attacks.
The vulnerability in the web interfaces of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM & Presence Service, and the Cisco Unity Connection unified messaging system exists due to...
The vulnerability in the HTTP File Server (+WebDAV) file server for Android allows an attacker to read, modify, or delete files.
The vulnerability in the HTTP File Server (+WebDAV) file server for Android is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability can allow an attacker to read, modify, or delete files...
The vulnerability in the firmware of HID Mercury programmable logic controllers lies in improper limitation of a pathname to a restricted directory. It allows a malicious actor to upload arbitrary files to any directory of the file system.
The vulnerability in the firmware of HID Mercury programmable logic controllers is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to upload arbitrary files to any directory of the file system b...
The vulnerability in the ffmpeg software used by the ZoneMinder video surveillance management system exists due to improper limitation of a pathname to a restricted directory. It allows attackers to execute arbitrary code.
The vulnerability in the ffmpeg software used by ZoneMinder involves improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the host running the software...
The vulnerability in Citrix XenMobile Server, an enterprise mobile device management system, arises due to improper limitation of a pathname to a restricted directory. It allows an attacker to execute arbitrary code.
The vulnerability in Citrix XenMobile Server, an enterprise mobile device management system, exists due to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability in the UnRAR decompression tool lies in improper limitation of a pathname to a restricted directory, allowing an attacker to overwrite arbitrary files.
The vulnerability in the UnRAR decompression tool is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to overwrite arbitrary files using a specially crafted archive...
GHSA-6H58-C7R7-G2HW UberFire Framework Improperly Restricts Paths
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet...
GHSA-5P59-V5WM-77V4 Improper Limitation of a Pathname to a Restricted Directory in Jenkins
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On...
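The mechanism shared by the Jenkins, UberFire and other path-traversal entries above is a user-controlled name joined onto a server-side base directory without a check that the result still lies under that base. The following Go code is an added example written for this page; it is not code from Jenkins, UberFire, http-swagger or any vendor listed here. The function names NaiveJoin and SafeJoin and the base directory /srv/jenkins/plugins are constructed for illustration, and the example assumes the requested name arrives already percent-decoded and slash-separated.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"path/filepath"
	"strings"
)

// ErrEscapesBase is returned when the requested name would resolve outside base.
var ErrEscapesBase = errors.New("requested path escapes the base directory")

// NaiveJoin is the vulnerable pattern: a user-controlled name is appended to the
// base directory and the result is trusted. filepath.Join normalises "..", so a
// name such as "../../../etc/passwd" walks straight out of base.
// (Example code; not from any project listed on this page.)
func NaiveJoin(base, name string) string {
	return filepath.Join(base, name)
}

// SafeJoin resolves name relative to base and refuses any result outside base.
// name is assumed to be a URL-style, already percent-decoded, slash-separated
// resource name (an assumption of this example).
func SafeJoin(base, name string) (string, error) {
	// NUL bytes and backslashes never appear in a legitimate resource name; on a
	// Windows host a backslash is a separator and would bypass slash-based checks.
	if strings.ContainsRune(name, 0) || strings.ContainsRune(name, '\\') {
		return "", ErrEscapesBase
	}
	// An absolute name would replace base rather than be appended to it.
	if path.IsAbs(name) {
		return "", ErrEscapesBase
	}
	// path.Clean collapses "a/../b" to "b" but leaves a net upward walk as a
	// leading "..", which is exactly the case to reject.
	clean := path.Clean(name)
	if clean == ".." || strings.HasPrefix(clean, "../") {
		return "", ErrEscapesBase
	}
	cleanBase := filepath.Clean(base)
	joined := filepath.Join(cleanBase, filepath.FromSlash(clean))

	// Defence in depth: re-derive the path of the final result relative to base
	// and confirm it does not start with "..". Symlinks inside base are not
	// resolved here; apply filepath.EvalSymlinks to joined if base may contain them.
	rel, err := filepath.Rel(cleanBase, joined)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesBase
	}
	return joined, nil
}

func main() {
	base := "/srv/jenkins/plugins" // constructed sample base directory
	// Constructed sample names: two legitimate, three that attempt to escape base.
	for _, name := range []string{
		"deployer/app.js",
		"deployer/../other.js",
		"../../../etc/passwd",
		"/etc/passwd",
		"a/../../x",
	} {
		safe, err := SafeJoin(base, name)
		fmt.Printf("%-22q naive=%-38q safe=%q err=%v\n", name, NaiveJoin(base, name), safe, err)
	}
}
```

The naive form is what the Jenkins entry above calls "relative paths that escape a base directory": nothing stops the cleaned result from being /etc/passwd. The hardened form rejects the upward walk before joining and then re-checks the joined result, so a bypass would have to defeat both. Decoding must happen before the check (a "%2e%2e/" that is decoded after SafeJoin runs would slip past it), and on a case-insensitive or symlink-bearing file system the final resolved path should be verified as well.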
Denial of Service in http-swagger
Impact: Allows an attacker to perform a DoS attack consisting of memory exhaustion on the host system. Patches: Yes. Please upgrade to v1.2.6. Workarounds: A workaround is to restrict the path prefix to the "GET" method. As shown below func main r := mux.NewRouter...