Lucene search
+L

267 matches found

BDU FSTEC
BDU FSTEC
added 2025/07/11 12:0 a.m.10 views

The vulnerability of the Jenkins continuous integration server’s HTML plugin arises from incorrect path name restrictions for the catalog directory, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Jenkins automation server plugin is related to an incorrect restriction on the path to the catalog. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

6.5CVSS5.5AI score0.00413EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/09 12:0 a.m.7 views

The vulnerability of the software tool for collecting network performance and Cisco ThousandEyes Endpoint Agent application data on Windows operating systems arises from incorrect path name restrictions for restricted access directories. This allows attackers to delete any files they desire.

The vulnerability of the software tool for collecting network performance data and the Cisco ThousandEyes Endpoint Agent for Windows operating systems is related to an incorrect path limitation in the access control list. Exploiting this vulnerability could allow a malicious individual to delete...

5.3CVSS5.5AI score0.0014EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2025/07/07 10:44 a.m.2 views

Directory Traversal

Overview llama-index-readers-obsidian is a llama-index readers obsidian integration Affected versions of this package are vulnerable to Directory Traversal via the loaddata method in the ObsidianReader class. An attacker can access sensitive system files by exploiting hardlinks to bypass path...

6.9CVSS7.7AI score0.0029EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/07/04 12:0 a.m.8 views

The vulnerability of the OAM service of the Nokia Single RAN network management platform allows a hacker to enhance their privileges.

The vulnerability of the OAM service of the Nokia Single RAN network management platform is related to incorrect restrictions on the path name to the catalog, leading to errors in privilege management. Exploiting this vulnerability can allow attackers to enhance their privileges...

6.4CVSS5.5AI score0.00135EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/07/02 7:26 p.m.5 views

CVE-2025-34074

An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...

9.4CVSS6.7AI score0.01134EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/26 12:0 a.m.9 views

The vulnerability of the software deployment plugin and the GLPI Inventory network is related to incorrect restrictions on the path to the restricted-access catalog, allowing attackers to gain access to protected information.

The vulnerability of the software deployment and GLPI Inventory network component relates to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow an attacker to gain access to protected information...

8.2CVSS5.5AI score0.00408EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/23 12:0 a.m.7 views

The vulnerability of the pam_namespace module of the Linux-PAM authentication module allows a hacker to increase their privileges.

The vulnerability of the pamnamespace module in the Linux-PAM authentication module arises from a race condition caused by an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8CVSS7.3AI score0.00399EPSS
Exploits0References12Affected Software9
BDU FSTEC
BDU FSTEC
added 2025/06/23 12:0 a.m.9 views

The vulnerability of the SLNX PC Client of the embedded application and document management tool RICOH Streamline NX allows a perpetrator to execute arbitrary code.

The vulnerability of the SLNX PC Client of the embedded application and document management tool RICOH Streamline NX lies in the deletion of files due to incorrect path restrictions for access to restricted directories. Exploiting this vulnerability allows an attacker to execute arbitrary code...

10CVSS8.1AI score0.00776EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/20 12:0 a.m.9 views

Vulnerability of Microsoft Office packages and 365 Apps for Enterprise, related to incorrect path name restrictions for restricted access directories, allows attackers to execute arbitrary code.

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise is related to incorrect path name restrictions in the restricted access catalog. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS5.8AI score0.00648EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2025/06/17 12:0 a.m.10 views

The vulnerability in the web interface of the risk management platforms IBM OpenPages and IBM OpenPages with Watson allows a perpetrator to write or re-write any files as desired.

The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to incorrect restrictions on the path name to the restricted catalog. Exploitation of this vulnerability could allow a malicious actor to write to or re-write any files remotely...

5.3CVSS5.5AI score0.00525EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/06/16 12:0 a.m.10 views

The vulnerability of the M-Files Server platform’s interface allows a perpetrator to read arbitrary files.

The vulnerability of the M-Files Server platform’s automation interface is related to incorrect restrictions on the path name to the restricted catalog during the processing of the final point. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...

7.7CVSS5.6AI score0.1109EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/16 12:0 a.m.24 views

The vulnerabilities of MobileHMI and IoTWorX Visualizer SCADA systems from GENESIS64 allow a intruder to gain unauthorized access to protected information.

The vulnerability of MobileHMI and IoTWorX Visualizer SCADA systems from GENESIS64 is related to incorrect restrictions on the path name to the restricted-access catalog. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

7.8CVSS7.2AI score0.01549EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/16 12:0 a.m.8 views

The vulnerability of the “Termide Virtual Desktops Connection Manager” software server arises from incorrect restrictions on the path to the restricted access catalog. This allows attackers to execute attacks by bypassing the specified path.

The vulnerability of the "Termide Virtual Desktops Connection Manager" software server is related to an incorrect limitation on the path to the restricted access catalog. Exploitation of this vulnerability allows a malicious actor to perform attacks by bypassing the specified path...

9CVSS5.5AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/15 12:0 a.m.10 views

The vulnerability in the web-based software modeling tool, Visual Composer, of the SAP NetWeaver software integration platform allows a hacker to gain access to and modify data.

The vulnerability of the Visual Composer web tool, a software modeling tool within the SAP NetWeaver integration platform, is related to an incorrect restriction on the path to the restricted access catalog. Exploiting this vulnerability could allow an attacker to gain read and modify access to...

7.6CVSS5.5AI score0.00594EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/11 12:0 a.m.9 views

The vulnerability of the EVLink WallBox software lies in the incorrect limitation of the path name to the restricted access catalog, allowing a violator to write arbitrary files.

The vulnerability of the EVLink WallBox software is related to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow a remote attacker to write arbitrary files...

10CVSS5.7AI score0.00643EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/05/30 12:0 a.m.5 views

The vulnerability of microprogrammed software in telephones and audio conferencing systems, related to incorrect restrictions on path names to the restricted access catalog, allows attackers to disclose protected information.

The vulnerability of microprogrammed software in telephones and audio conferencing systems relates to incorrect restrictions on the path to the restricted access catalog. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

6.7CVSS5.5AI score0.00265EPSS
Exploits0References2Affected Software3
RedhatCVE
RedhatCVE
added 2025/05/23 6:9 a.m.5 views

CVE-2023-25621

Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or...

6.5CVSS7AI score0.01148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:53 a.m.9 views

CVE-2011-1584

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the mediapath or mediafile parameter. NOTE: some of these details are...

6.5CVSS7.6AI score0.01691EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/05/18 12:0 a.m.10 views

The vulnerability of the ColdFusion software platform arises from incorrect restrictions on path names to restricted catalogs. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the ColdFusion software platform is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain unauthorized access to protected information...

6.8CVSS5.5AI score0.40174EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/05/13 12:0 a.m.8 views

The vulnerability of the Ace Editor web interactive query editor in Hue allows a hacker to read arbitrary files.

The vulnerability of the Ace Editor web interactive query editor in Hue is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files by sending specially crafted HTTP requests...

7.8CVSS7.3AI score0.0163EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder