406 matches found
The vulnerability of the Mattermost instant messaging application, related to an incorrect restriction on the path to the restricted directory, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the Mattermost instant messaging application is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the unZipJarFilestoLocation method in the network management system allows an intruder to gain unauthorized access to file writing and execute arbitrary code. This vulnerability is present in Siemens SINEC NMS systems used for monitoring industrial networks.
The vulnerability of the unZipJarFilestoLocation method in the network management system for monitoring industrial networks of Siemens SINEC NMS is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operati...
The vulnerability of the uploadFWBinary method in the network management system for monitoring industrial networks of Siemens SINEC NMS allows an intruder to gain unauthorized access to file writing and execute arbitrary code.
The vulnerability of the uploadFWBinary method in the network management system for monitoring industrial networks of Siemens SINEC NMS is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating...
The vulnerability of the Booco business automation platform lies in the improper limitation of the path name to the restricted access directory. This allows attackers to create or overwrite files in the file system’s directories and execute arbitrary code.
The vulnerability of the Booco business automation platform is related to an incorrect restriction on the path name for restricted access directories. Exploiting this vulnerability allows a malicious actor to create or overwrite files in file system directories and execute arbitrary code...
The vulnerability of the automated system for emulating intruder actions in Caldera, related to an incorrect restriction on the path name to the restricted directory, allows an intruder to execute arbitrary code.
The vulnerability of the automated system for emulating intruder actions in Caldera is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows an intruder operating remotely to execute arbitrary code by sending a specially crafted HTTP...
The vulnerability of the setuptools project’s packaging simplification library arises from an incorrect limitation on the path to the restricted-access directory. This allows a malicious actor to compromise the vulnerable system.
The vulnerability of the setuptools project’s packaging simplification library is related to an incorrect restriction on the path name for the restricted access directory. Exploiting this vulnerability could allow a malicious actor to compromise the vulnerable system remotely...
The vulnerability of the NetMRI network monitoring program lies in the improper restriction of the path name to the restricted access directory, allowing attackers to read arbitrary files.
The vulnerability of the NetMRI network monitoring program lies in the improper restriction of the path name to the restricted-access directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files...
The vulnerability of the PHP Snappy library relates to incorrect restrictions on the path to the restricted directory. This allows attackers to gain unauthorized access to local files and directories.
The vulnerability of the PHP Snappy library is related to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to local files and directories on the server when...
The vulnerability of the graphical SFTP and SCP client for the Windows operating system, WinSCP, arises from incorrect path name restrictions for access-controlled directories. This allows attackers to create a special file and control its path on a remote server.
The vulnerability of the graphical SFTP and SCP client programs for the Windows operating system is related to incorrect path name restrictions for access to restricted directories. Exploiting this vulnerability allows an attacker to create a special file and control its path on a remote server...
WordPress plugin SureForms code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
ROS-20250630-01
A vulnerability in the pgAdmin 4 database management tool exists due to an incorrect restriction of the path name to a restricted directory. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...
The vulnerability of the Golang programming language lies in the improper limitation of path names to restricted access directories, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Golang programming language is related to input validation errors when processing directory traversals in file names. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability in the ZendTo web application for transferring files involves an incorrect restriction on the path to the restricted directory. This allows a malicious actor to gain read and write access to data, or cause a service failure.
The vulnerability in the web application for transferring files via ZendTo is related to an incorrect restriction on the path to the restricted directory during the processing of the tmpname parameter. Exploiting this vulnerability can allow an attacker to gain read and modify access to data, or...
The vulnerability of the SSLVPN microprogramming system for network interfaces from SonicWall SMA 100 allows a hacker to bypass security restrictions.
The vulnerability of the SSLVPN microprogramming system for network interfaces from SonicWall SMA 100 relates to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions remotely...
The vulnerability of the Thunderbird email client, related to incorrect restrictions on the path to the restricted directory, allows attackers to disclose protected information.
The vulnerability of the Thunderbird email client is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...
The vulnerability of the TarFile.extractall() and TarFile.extract() functions in the tarfile module of the Python programming language interpreter (CPython) allows attackers to write arbitrary files.
The vulnerability of the TarFile.extractall and TarFile.extract functions in the tarfile module of the CPython interpreter is related to an incorrect path name limitation for restricted access directories when processing the filter= parameter with a value of data or tar. Exploiting this...
The vulnerability of the getServerPayload method in the HPE StoreOnce VSA storage virtualized system allows an attacker to disclose protected information.
The vulnerability of the getServerPayload method in the HPE StoreOnce VSA storage virtualized environment is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose protected information from ...
The vulnerability of the deletePackages method in the HPE StoreOnce VSA virtual storage system allows an attacker to gain access to read and delete any files they desire.
The vulnerability of the deletePackages method in the HPE StoreOnce VSA virtual storage system is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read and...
The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software lies in the improper limitation of the path name to the restricted access directory, which allows attackers to restore backup copies within the system.
The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software is related to incorrect restrictions on the name of the path to the restricted-access directory. Exploiting this vulnerability could allow an attacker to restore backup copies within the system...
CVE-2022-36889
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...