
2184 matches found

Cisco
added 2023/08/23 4:00 p.m., 28 views

Cisco FXOS Software Arbitrary File Write Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command ...

CVSS 4.4, AI score 5.9, EPSS 0.0017
Exploits 0, References 1
OSV
added 2023/08/21 9:15 p.m., 2 views

CVE-2023-25914

Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise...

CVSS 8.8, AI score 5.8, EPSS 0.00674
Exploits 0, References 2
NVD
added 2023/08/21 9:15 p.m., 8 views

CVE-2023-25914

Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise...

CVSS 8.8, AI score 9.4, EPSS 0.00674
Exploits 0, References 2
Prion
added 2023/08/21 9:15 p.m., 12 views

Input validation

Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface...

CVSS 5, AI score 7.4, EPSS 0.00674
Exploits 0, References 2, Affected Software 1
Cvelist
added 2023/08/21 8:30 p.m., 13 views

CVE-2023-25914 Authenticated Path Traversal in Danfoss AK-SM800A

Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise...

CVSS 8.8, AI score 9.5, EPSS 0.00674
Exploits 0, References 2
CVE
added 2023/08/21 8:30 p.m., 73 views

CVE-2023-25914

CVE-2023-25914 describes a path-traversal flaw in the Danfoss AK-SM800A system manager. Authenticated attackers could read arbitrary server files via the product’s XML interface, potentially enabling full system compromise. Affected versions cited include 3.3 and earlier in multiple feeds; root c...

CVSS 8.8, AI score 7.9, EPSS 0.00674
Exploits 0, References 2, Affected Software 1
Veracode
added 2023/08/06 9:51 p.m., 22 views

Remote Code Execution (RCE)

Firefox is vulnerable to Remote Code Execution. The vulnerability is due to a lack of validation when creating shortcuts, which could allow an attacker to trick a user into creating a shortcut that points to local system files...

CVSS 7.8, AI score 6.9, EPSS 0.00263
Exploits 0, References 4, Affected Software 2
OSV
added 2023/08/02 1:15 a.m., 1 view

CVE-2023-31926

System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0...

CVSS 7.1, AI score 7.2, EPSS 0.00148
Exploits 0, References 2
NVD
added 2023/08/02 1:15 a.m., 11 views

CVE-2023-31926

System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0...

CVSS 7.1, AI score 7, EPSS 0.00148
Exploits 0, References 2
Prion
added 2023/08/02 1:15 a.m., 26 views

Command injection

System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0...

CVSS 3.2, AI score 6.9, EPSS 0.00148
Exploits 0, References 2, Affected Software 1
Cvelist
added 2023/08/02 12:22 a.m., 10 views

CVE-2023-31926 Arbitrary File Overwrite using less command

System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0...

CVSS 7.1, AI score 7.2, EPSS 0.00148
Exploits 0, References 2
CNNVD
added 2023/08/02 12:00 a.m., 2 views

SpiderControl SCADA Webserver Path Traversal Vulnerability

iniNet Solutions SpiderControl SCADA Webserver is a server from iniNet Solutions. A path traversal vulnerability exists in SpiderControl SCADA Webserver version 2.08 and prior versions, which can be exploited by an attacker with administrative privileges to overwrite files on a web server using t...

CVSS 6.5, AI score 6.8, EPSS 0.00833
Exploits 0, References 3
RedhatCVE
added 2023/07/27 2:54 p.m., 35 views

CVE-2023-35936

An arbitrary file write vulnerability was found in Haskell's Pandoc. This issue can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option or outputting to PDF format. This may allow an attacker to create or overwrite...

CVSS 5, AI score 5.5, EPSS 0.00349
Exploits 1, References 4
Vulnrichment
added 2023/07/25 3:32 a.m., 10 views

CVE-2023-32639

Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...

AI score 6.9, EPSS 0.00195
Exploits 0, References 2
Tenable Nessus
added 2023/07/25 12:00 a.m., 15 views

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Symbolic Link Path Traversal (CVE-2019-1836)

A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-ro...

CVSS 7.1, AI score 6.1, EPSS 0.00442
Exploits 0, References 3
Prion
added 2023/07/20 11:15 a.m., 13 views

Server-side request forgery (SSRF)

InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML-to-PDF conversion function, allowing unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows...

CVSS 5, AI score 7.6, EPSS 0.00558
Exploits 0, References 1, Affected Software 1
Cvelist
added 2023/07/20 10:55 a.m., 13 views

CVE-2023-37290 InfoDoc Document On-line Submission and Approval System - Server-Side Request Forgery (SSRF)

InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML-to-PDF conversion function, allowing unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows...

CVSS 7.5, AI score 7.8, EPSS 0.00558
Exploits 0, References 1
Prion
added 2023/07/19 6:15 a.m., 15 views

XXE

XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker...

CVSS 1.9, AI score 5.5, EPSS 0.00195
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2023/07/19 5:54 a.m., 10 views

CVE-2023-32635

XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker...

AI score 6.9, EPSS 0.00195
Exploits 0, References 2
Cvelist
added 2023/07/19 5:54 a.m., 21 views

CVE-2023-32635

XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker...

AI score 5.8, EPSS 0.00195
Exploits 0, References 2