414 matches found
PT-2024-41133 · Ооо "Вебсофт Девелопмент" · Websoft Hcm
Уязвимость программного обеспечения автоматизации HR-процессов Websoft HCM связана с неверным ограничением имени пути к каталогу с ограниченным доступом. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, раскрыть защищаемую информацию...
The vulnerability of the AWS S3 platform’s module for developer portals allows attackers to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability of the AWS S3 platform’s module for developer portals developed by Backstage relates to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to...
The vulnerability of the sub_1DF14 function in the mainfunction.cgi web interface of the DrayTek Vigor router software allows a hacker to gain unauthorized access to confidential system files.
The vulnerability of the sub1DF14 function in the mainfunction.cgi web interface of the DrayTek Vigor router software is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...
The vulnerability of the res.download() function in the template.js script (located at backend/src/routes/template.js), a documentation generation tool from PwnDoc, allows a hacker to read arbitrary files.
The vulnerability of the res.download function in the template.js script located at backend/src/routes/template.js, a tool for automating report document formatting by PwnDoc, is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow...
The vulnerability of Veeam Backup & Replication’s virtual and physical systems arises from the limited ability to restrict the path name to the restricted access directory. This allows attackers to compromise the integrity and accessibility of the protected information.
The vulnerability of Veeam Backup & Replication virtual and physical systems is related to the limited ability to access the directory. Exploiting this vulnerability can allow a malicious actor to influence the integrity and accessibility of the protected information...
The vulnerability of the One-Time Password function of the operating system for managing Synology Router Manager devices allows a hacker to delete any files they want.
The vulnerability of the One-Time Password function in the operating system for managing Synology Router Manager devices is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to delete any files they want...
The vulnerability of the CLI command-line interface of the GitHub collaborative development platform involves an incorrect restriction on the path name to the restricted directory. This allows a malicious user to gain read, modify, or delete access to files.
The vulnerability of the CLI command-line interface of the GitHub collaborative development platform relates to incorrect path name restrictions for restricted directories when processing the artifact name and the --dir flag. Exploiting this vulnerability may allow a malicious actor to gain read,...
PT-2024-9451 · Microsoft · Windows Ip Routing Management Snapin +1
Name of the Vulnerable Software and Affected Versions: Windows IP Routing Management Snapin affected versions not specified Description: The issue is related to a remote code execution vulnerability in the Windows IP Routing Management Snapin. It is caused by incorrect restriction of the path nam...
The vulnerability of the 2N Access Commander access control tool lies in the incorrect limitation of the path name for the restricted access catalog, allowing a intruder to execute arbitrary code.
The vulnerability of the 2N Access Commander access control system lies in the incorrect limitation of the path name to the restricted catalog. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code...
The vulnerability of the application programming interface of the Trellix Enterprise Security Manager (ESM) system, which allows a threat actor to circumvent security restrictions.
The vulnerability of the application programming interface of the Trellix Enterprise Security Manager ESM system for monitoring, analyzing, and managing security threats is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow ...
The vulnerability of Kanboard project management software lies in the improper restriction of the path name to the restricted access directory. This allows a hacker to execute arbitrary PHP code on the server and write to files.
The vulnerability of Kanboard project management software relates to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary PHP code on the server and write data to files...
The vulnerability in the web interface for managing Zyxel ZLD microprogramming software’s network interface allows a perpetrator to execute file uploads or downloads.
The vulnerability in the web interface for managing Zyxel ZLD microprogramming software lies in incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to perform file uploads or downloads through a specially crafted URL address...
CVE-2024-54004
Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...
PT-2024-36011 · Jenkins · Jenkins Filesystem List Parameter Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Filesystem List Parameter Plugin versions 0.0.14 and earlier Description: The issue allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system due to a lack of restriction on the path...
The vulnerability of the executable file promecefpluginhost.exe in the Prome CEF SubProcess subsystem of the WPS Office office software package on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the executable file promecefpluginhost.exe from the Prome CEF SubProcess subsystem of the WPS Office office software package on Windows operating systems is related to an incorrect path limitation for accessing the restricted directory. Exploiting this vulnerability could all...
The vulnerability of the Manager component in the Wowza Streaming Engine server software allows a hacker to gain access to and read files.
The vulnerability of the Manager component in the Wowza Streaming Engine server software is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain read access to files in the target directory, provided that...
The vulnerability of the Intel Extension for Transformers tool set arises from incorrect name restrictions for paths to the restricted catalog. This allows attackers to escalate their privileges.
The vulnerability of the Intel Extension for Transformers tool set is related to an incorrect name restriction for the path to the restricted access catalog. Exploiting this vulnerability can allow attackers to enhance their privileges...
PT-2024-41081 · Spring · Spring Framework
Name of the Vulnerable Software and Affected Versions: Spring Framework affected versions not specified Description: The issue is related to the org.springframework.web.multipart package of the Spring Web module in the Spring Framework, which is associated with incorrect restriction of the path...
The vulnerability of the Consul service configuration tool lies in the incorrect limitation of the path name to the restricted catalog, allowing attackers to circumvent security restrictions.
The vulnerability of the Consul service configuration tool is related to incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially created HTTP request...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain read, modify, or delete access to data.
The vulnerability in the web interface of the Cisco Identity Services Engine ISE management platform relates to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data by sendin...