Lucene search
K

170 matches found

OSV
OSV
added 2024/05/14 4:16 p.m.6 views

CVE-2024-25965

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service...

4.4CVSS5.8AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

Dell PowerScale OneFS 安全漏洞

Dell PowerScale OneFS is a proprietary operating system developed by Dell for its PowerScale horizontally scalable NAS network attached storage solution. Dell PowerScale OneFS has an external control of file name or path vulnerability that can be exploited by an attacker to cause a denial of...

6.1CVSS6.7AI score0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.8 views

Siemens RUGGEDCOM CROSSBOW 安全漏洞

Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. Siemens RUGGEDCOM CROSSBOW suffers from a filename or path external control vulnerability due to a bulk import feature on the affected system that allows a privileged user to upload files to the root...

7.2CVSS8AI score0.01352EPSS
Exploits0References3
CVE
CVE
added 2024/02/15 2:56 a.m.34 views

CVE-2024-26263

Summary: CVE-2024-26263 pertains to EBM Technologies RISWEB where a URL path is not properly controlled by permissions, enabling attackers to browse specific pages and query sensitive data without login. The core issue is improper access control affecting RISWEB’s URL paths; exploitation details ...

7.5CVSS5.2AI score0.0042EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/06 12:0 a.m.31 views

CVE-2024-24000

jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths...

9.7AI score0.0064EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/11/30 3:57 a.m.17 views

CVE-2023-5247

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in...

7.8CVSS7.4AI score0.00261EPSS
Exploits0References2
OSV
OSV
added 2023/08/14 3:30 a.m.15 views

GHSA-XVV9-5J67-3RPQ zola Path Traversal vulnerability

An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handlerequest function, used by the server to process HTTP requests, does not account for sequences of special path control...

7.5CVSS7.4AI score0.00921EPSS
Exploits1References4
Prion
Prion
added 2023/08/14 1:15 a.m.15 views

Directory traversal

An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handlerequest function, used by the server to process HTTP requests, does not account for sequences of special path control...

5CVSS7.5AI score0.00921EPSS
Exploits1References2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/07/05 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-39952

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

9.8CVSS7.5AI score0.99815EPSS
Exploits7References1
CVE
CVE
added 2023/03/01 12:0 a.m.51 views

CVE-2023-1105

CVE-2023-1105 affects FlatPress prior to v1.3 in the flatpressblog/flatpress repository. The root cause is external control of file names or paths, enabling manipulation of file targets. Impact is described as the ability to influence filenames/paths; exploitation status is not provided in the do...

8.1CVSS7.9AI score0.00711EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/02/27 4:15 p.m.13 views

Xxe

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...

5.5CVSS6.9AI score0.00823EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/02/27 12:0 a.m.16 views

CVE-2023-1070 External Control of File Name or Path in nilsteampassnet/teampass

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...

7.1CVSS7AI score0.00823EPSS
Exploits1References4
CVE
CVE
added 2023/02/27 12:0 a.m.76 views

CVE-2023-1070

CVE-2023-1070 affects TeamPass (nilsteampassnet/teampass) prior to version 3.0.0.22. The issue is described as External Control of File Name or Path, enabling an attacker to delete arbitrary files through manipulation of file names/paths. The root cause is a vulnerability in how file names/paths ...

7.1CVSS6.9AI score0.00823EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/02/16 6:6 p.m.57 views

CVE-2022-39952

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

9.8CVSS9.9AI score0.99815EPSS
Exploits7References1
Vulnrichment
Vulnrichment
added 2023/02/16 6:6 p.m.30 views

CVE-2022-39952

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

9.8CVSS7.8AI score0.99815EPSS
Exploits7References1
Positive Technologies
Positive Technologies
added 2023/02/16 12:0 a.m.8 views

PT-2023-1417 · Fortinet · Fortinac

Name of the Vulnerable Software and Affected Versions: FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.7, 9.2.0 through 9.2.5, 9.4.0 Description: The issue is related to incorrect external control of file name or path...

9.8CVSS9.1AI score0.99815EPSS
Exploits7References28
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.4 views

SUSE CVE-2018-1000532

beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users...

4.7CVSS4.9AI score0.0035EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/02/15 12:0 a.m.7 views

The vulnerability in the web interface of the security, automation, and response platform Cortex XSOAR allows a attacker to read arbitrary files.

The vulnerability of the web interface of the security, automation, and response platform Cortex XSOAR is related to improper external control of the file name or file path. Exploiting this vulnerability allows a malicious actor to read arbitrary files...

6.8CVSS6.7AI score0.0116EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/01/18 12:15 a.m.3 views

CVE-2022-46660

An unauthorized user could alter or write files with full control over the path and content of the file...

6.5CVSS5.8AI score0.00556EPSS
Exploits0References2
OSV
OSV
added 2022/12/07 1:15 a.m.23 views

CVE-2022-45918

ILIAS before 7.16 allows External Control of File Name or Path...

6.5CVSS6.9AI score
Exploits0References3
Rows per page
Query Builder