267 matches found
The vulnerability of the Jenkins continuous integration server’s HTML plugin arises from incorrect path name restrictions for the catalog directory, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Jenkins automation server plugin is related to an incorrect restriction on the path to the catalog. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the software tool for collecting network performance and Cisco ThousandEyes Endpoint Agent application data on Windows operating systems arises from incorrect path name restrictions for restricted access directories. This allows attackers to delete any files they desire.
The vulnerability of the software tool for collecting network performance data and the Cisco ThousandEyes Endpoint Agent for Windows operating systems is related to an incorrect path limitation in the access control list. Exploiting this vulnerability could allow a malicious individual to delete...
Directory Traversal
Overview llama-index-readers-obsidian is a llama-index readers obsidian integration Affected versions of this package are vulnerable to Directory Traversal via the loaddata method in the ObsidianReader class. An attacker can access sensitive system files by exploiting hardlinks to bypass path...
The vulnerability of the OAM service of the Nokia Single RAN network management platform allows a hacker to enhance their privileges.
The vulnerability of the OAM service of the Nokia Single RAN network management platform is related to incorrect restrictions on the path name to the catalog, leading to errors in privilege management. Exploiting this vulnerability can allow attackers to enhance their privileges...
CVE-2025-34074
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...
The vulnerability of the software deployment plugin and the GLPI Inventory network is related to incorrect restrictions on the path to the restricted-access catalog, allowing attackers to gain access to protected information.
The vulnerability of the software deployment and GLPI Inventory network component relates to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow an attacker to gain access to protected information...
The vulnerability of the pam_namespace module of the Linux-PAM authentication module allows a hacker to increase their privileges.
The vulnerability of the pamnamespace module in the Linux-PAM authentication module arises from a race condition caused by an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the SLNX PC Client of the embedded application and document management tool RICOH Streamline NX allows a perpetrator to execute arbitrary code.
The vulnerability of the SLNX PC Client of the embedded application and document management tool RICOH Streamline NX lies in the deletion of files due to incorrect path restrictions for access to restricted directories. Exploiting this vulnerability allows an attacker to execute arbitrary code...
Vulnerability of Microsoft Office packages and 365 Apps for Enterprise, related to incorrect path name restrictions for restricted access directories, allows attackers to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise is related to incorrect path name restrictions in the restricted access catalog. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability in the web interface of the risk management platforms IBM OpenPages and IBM OpenPages with Watson allows a perpetrator to write or re-write any files as desired.
The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to incorrect restrictions on the path name to the restricted catalog. Exploitation of this vulnerability could allow a malicious actor to write to or re-write any files remotely...
The vulnerability of the M-Files Server platform’s interface allows a perpetrator to read arbitrary files.
The vulnerability of the M-Files Server platform’s automation interface is related to incorrect restrictions on the path name to the restricted catalog during the processing of the final point. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...
The vulnerabilities of MobileHMI and IoTWorX Visualizer SCADA systems from GENESIS64 allow a intruder to gain unauthorized access to protected information.
The vulnerability of MobileHMI and IoTWorX Visualizer SCADA systems from GENESIS64 is related to incorrect restrictions on the path name to the restricted-access catalog. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the “Termide Virtual Desktops Connection Manager” software server arises from incorrect restrictions on the path to the restricted access catalog. This allows attackers to execute attacks by bypassing the specified path.
The vulnerability of the "Termide Virtual Desktops Connection Manager" software server is related to an incorrect limitation on the path to the restricted access catalog. Exploitation of this vulnerability allows a malicious actor to perform attacks by bypassing the specified path...
The vulnerability in the web-based software modeling tool, Visual Composer, of the SAP NetWeaver software integration platform allows a hacker to gain access to and modify data.
The vulnerability of the Visual Composer web tool, a software modeling tool within the SAP NetWeaver integration platform, is related to an incorrect restriction on the path to the restricted access catalog. Exploiting this vulnerability could allow an attacker to gain read and modify access to...
The vulnerability of the EVLink WallBox software lies in the incorrect limitation of the path name to the restricted access catalog, allowing a violator to write arbitrary files.
The vulnerability of the EVLink WallBox software is related to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow a remote attacker to write arbitrary files...
The vulnerability of microprogrammed software in telephones and audio conferencing systems, related to incorrect restrictions on path names to the restricted access catalog, allows attackers to disclose protected information.
The vulnerability of microprogrammed software in telephones and audio conferencing systems relates to incorrect restrictions on the path to the restricted access catalog. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
CVE-2023-25621
Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or...
CVE-2011-1584
The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the mediapath or mediafile parameter. NOTE: some of these details are...
The vulnerability of the ColdFusion software platform arises from incorrect restrictions on path names to restricted catalogs. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the ColdFusion software platform is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain unauthorized access to protected information...
The vulnerability of the Ace Editor web interactive query editor in Hue allows a hacker to read arbitrary files.
The vulnerability of the Ace Editor web interactive query editor in Hue is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files by sending specially crafted HTTP requests...