Lucene search
+L

267 matches found

Positive Technologies
Positive Technologies
added 2025/04/29 12:0 a.m.5 views

PT-2025-29480 · Gnu · Snappy

Уязвимость библиотеки PHP Snappy связана с неверным ограничением имени пути к каталогу с ограниченным доступом. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к локальным файлам и директориям на сервере при обработке параметров...

7.8CVSS7.3AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/04/28 12:0 a.m.9 views

The vulnerability of the software for Hitachi Energy’s equipment control and management systems, Hitachi Energy MicroSCADA X SYS600 and Pro SYS600, arises from incorrect restrictions on the path name to the restricted-access catalog. This allows attackers to gain access to read, modify, and delete system files.

The vulnerability of the software for controlling and managing equipment in Hitachi Energy’s MicroSCADA X SYS600 and Pro SYS600 systems lies in improper restrictions on the path name to the restricted-access catalog. Exploiting this vulnerability could allow a malicious actor to gain read, modify...

9.9CVSS8AI score0.00611EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.8 views

The vulnerability of the PHP library TCPDF, related to incorrect pathname restrictions for restricted access directories, allows attackers to gain unauthorized access to protected information.

The vulnerability of the PHP library TCPDF lies in the incorrect path limitation for the access to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

6.8CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.24 views

The vulnerability of the PHP library TCPDF, related to incorrect pathname restrictions for restricted access directories, allows attackers to gain unauthorized access to protected information.

The vulnerability of the PHP library TCPDF lies in the incorrect path limitation for the access to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

6.8CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/09 12:0 a.m.9 views

The vulnerability of the ColdFusion software platform arises from incorrect restrictions on the path to the restricted catalog, allowing attackers to bypass security restrictions.

The vulnerability of the ColdFusion software platform is related to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...

8.7CVSS7.9AI score0.17908EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/04/09 12:0 a.m.8 views

The vulnerability of Websoft HCM’s automation software for HR processes stems from incorrect restrictions on the path to the restricted catalog. This allows attackers to disclose protected information.

The vulnerability of Websoft HCM’s automation software for HR processes is related to incorrect restrictions on the path to the restricted-access catalog. Exploiting this vulnerability allows a malicious actor to disclose protected information...

6.8CVSS5.5AI score
Exploits0
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.7 views

WordPress plugin Include URL 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

6.5CVSS8.5AI score0.00488EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/04/01 12:0 a.m.10 views

The vulnerability of the API component of FortiWeb’s web applications allows a hacker to execute arbitrary code or commands.

The vulnerability of the API component of FortiWeb web applications relates to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or commands remotely...

7.5CVSS6.4AI score0.00535EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/17 12:0 a.m.7 views

The vulnerability of video surveillance cameras for monitoring and surveillance systems, including IntelBras IP cameras, allows a intruder to gain unauthorized access to devices and protected information.

The vulnerability of video surveillance cameras for monitoring and surveillance systems related to incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability can allow an intruder to gain unauthorized access to devices and protected information...

4.3CVSS5.5AI score0.00567EPSS
Exploits0References5Affected Software4
BDU FSTEC
BDU FSTEC
added 2025/03/06 12:0 a.m.14 views

The vulnerability of the ArcGIS Server server, related to incorrect restrictions on the path to the restricted catalog, allows attackers to gain unauthorized access to protected information.

The vulnerability of ArcGIS Server is related to incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.8CVSS5.5AI score0.00562EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2025/03/05 10:36 a.m.9 views

Arbitrary File Upload

mautic/core is vulnerable to Arbitrary File Upload. The vulnerability is due to improper input validation and insufficient path restrictions, allowing users to upload files to unintended directories outside the designated temporary directory...

5.4CVSS7.1AI score0.00549EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/05 12:0 a.m.6 views

The vulnerability of the bar files in the control panel of the software integration for IBM App Connect Enterprise allows a perpetrator to write any files into the file system.

The vulnerability of the bar files in the control panel of the IBM App Connect Enterprise software relates to incorrect path name restrictions for the restricted access directory. Exploiting this vulnerability could allow a malicious actor to write any files into the file system remotely...

6.8CVSS5.4AI score0.00479EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/05 12:0 a.m.7 views

The vulnerability of the add_dir() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to circumvent existing security restrictions.

The vulnerability of the adddir function in the nas.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to bypass existing security...

9.1CVSS7.7AI score0.02472EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/03 12:0 a.m.7 views

The vulnerability of the application software interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain read, modify, or delete access to data.

The vulnerability of the application programming interface of the Cisco Identity Services Engine ISE management platform relates to incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to da...

7.5CVSS5.5AI score0.00526EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/03 12:0 a.m.6 views

The vulnerability of the application software interface of the Cisco Identity Services Engine (ISE) platform allows a perpetrator to load files into any location within the operating system of the affected device.

The vulnerability of the application software interface of the Cisco Identity Services Engine ISE management platform is related to incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to load files into any location within...

5.5CVSS5.5AI score0.00601EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/02/26 12:0 a.m.8 views

The vulnerability of the org.springframework.web.multipart package in the Spring Web framework allows attackers to re-write files stored in web server directories.

The vulnerability of the org.springframework.web.multipart package in the Spring Web framework is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to re-upload files stored in the web server’s directory from a...

7.8CVSS5.6AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/02/18 12:0 a.m.10 views

The vulnerability of the WPLMS training management system, a content management system for WordPress websites, allows an attacker to gain access to read, modify, or delete data.

The vulnerability of the WPLMS training management system involves incorrect restrictions on the path to the restricted access catalog. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...

10CVSS8.1AI score0.33856EPSS
Exploits2References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/02/06 12:0 a.m.8 views

The vulnerability of the Fortinet FortiManager software for centralized device management, as well as the FortiAnalyzer and FortiAnalyzer-BigData tools for security event monitoring and analysis, arises from incorrect restrictions on the path to the restricted-access directory. This allows an attacker to gain access to and read/write arbitrary files in the directory.

The vulnerability of the Fortinet FortiManager software for centralized device management, as well as the FortiAnalyzer and FortiAnalyzer-BigData security monitoring and analysis tools, is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this...

7.5CVSS5.6AI score0.00234EPSS
Exploits0References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2025/02/06 12:0 a.m.6 views

The vulnerability of the CMSimple content management system, related to incorrect restrictions on the path to the restricted access catalog, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the CMSimple content management system is related to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by sending a specially crafted GET request...

7.8CVSS5.5AI score0.00632EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/01/21 12:0 a.m.9 views

The vulnerability of the tarfile.extractall method in the TrueNAS CORE operating system allows a hacker to execute arbitrary code.

The vulnerability of the tarfile.extractall method in the TrueNAS CORE operating system is related to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

7.5CVSS7.6AI score0.01599EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder