170 matches found
CVE-2024-25965
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service...
Dell PowerScale OneFS 安全漏洞
Dell PowerScale OneFS is a proprietary operating system developed by Dell for its PowerScale horizontally scalable NAS network attached storage solution. Dell PowerScale OneFS has an external control of file name or path vulnerability that can be exploited by an attacker to cause a denial of...
Siemens RUGGEDCOM CROSSBOW 安全漏洞
Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. Siemens RUGGEDCOM CROSSBOW suffers from a filename or path external control vulnerability due to a bulk import feature on the affected system that allows a privileged user to upload files to the root...
CVE-2024-26263
Summary: CVE-2024-26263 pertains to EBM Technologies RISWEB where a URL path is not properly controlled by permissions, enabling attackers to browse specific pages and query sensitive data without login. The core issue is improper access control affecting RISWEB’s URL paths; exploitation details ...
CVE-2024-24000
jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths...
CVE-2023-5247
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in...
GHSA-XVV9-5J67-3RPQ zola Path Traversal vulnerability
An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handlerequest function, used by the server to process HTTP requests, does not account for sequences of special path control...
Directory traversal
An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handlerequest function, used by the server to process HTTP requests, does not account for sequences of special path control...
VulnCheck KEV: CVE-2022-39952
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...
CVE-2023-1105
CVE-2023-1105 affects FlatPress prior to v1.3 in the flatpressblog/flatpress repository. The root cause is external control of file names or paths, enabling manipulation of file targets. Impact is described as the ability to influence filenames/paths; exploitation status is not provided in the do...
Xxe
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...
CVE-2023-1070 External Control of File Name or Path in nilsteampassnet/teampass
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...
CVE-2023-1070
CVE-2023-1070 affects TeamPass (nilsteampassnet/teampass) prior to version 3.0.0.22. The issue is described as External Control of File Name or Path, enabling an attacker to delete arbitrary files through manipulation of file names/paths. The root cause is a vulnerability in how file names/paths ...
CVE-2022-39952
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...
CVE-2022-39952
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...
PT-2023-1417 · Fortinet · Fortinac
Name of the Vulnerable Software and Affected Versions: FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.7, 9.2.0 through 9.2.5, 9.4.0 Description: The issue is related to incorrect external control of file name or path...
SUSE CVE-2018-1000532
beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users...
The vulnerability in the web interface of the security, automation, and response platform Cortex XSOAR allows a attacker to read arbitrary files.
The vulnerability of the web interface of the security, automation, and response platform Cortex XSOAR is related to improper external control of the file name or file path. Exploiting this vulnerability allows a malicious actor to read arbitrary files...
CVE-2022-46660
An unauthorized user could alter or write files with full control over the path and content of the file...
CVE-2022-45918
ILIAS before 7.16 allows External Control of File Name or Path...