13 matches found
CVE-2026-20175
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...
EUVD-2020-11414
Malware in sbrugna...
The vulnerability of the microprogramming-based power supply systems of Galaxy VL and Galaxy VS lies in the improper limitation of the path name to the restricted access catalog. This allows attackers to load arbitrary files into the system.
The vulnerability of the microprogramming-based power supply systems of Galaxy VL and Galaxy VS is related to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to load arbitrary files into the system...
Medium: babel
Issue Overview: Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution. CVE-2021-42771 Affected Packages: babel Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
The vulnerability of the software update function of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows a attacker to load any file onto a vulnerable device.
The vulnerability of the Cisco Enterprise NFV Infrastructure Software’s software update function NFVIS is related to errors during file signature verification. Exploiting this vulnerability could allow a attacker to load any file onto a vulnerable device...
GHSA-WJP3-4XCQ-598P Apache Sling JCR ContentLoader XmlReader Arbitrary File Load
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader...
The vulnerability of the Node.js module for processing tar archives, Node-tar, is related to vulnerabilities in the pathname limitation of the directory. This allows attackers to load arbitrary files and execute arbitrary code.
The vulnerability of the Node.js module for processing tar archives with the Node-tar module is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker to load arbitrary files and execute arbitrary code...
CVE-2020-19510
Textpattern 4.7.3 contains an aribtrary file load via the fileinsert function in include/txpfile.php...
CVE-2020-19510
Textpattern 4.7.3 contains an aribtrary file load via the fileinsert function in include/txpfile.php...
Design/Logic Flaw
Textpattern 4.7.3 contains an aribtrary file load via the fileinsert function in include/txpfile.php...
CVE-2020-19510
CVE-2020-19510 affects Textpattern 4.7.3, where an arbitrary file load/upload is possible through the file_insert function in include/txp_file.php. The connected sources consistently describe this vulnerability as an arbitrary file upload issue in Textpattern; no exploit details are provided in t...
CVE-2020-19510
Textpattern 4.7.3 contains an aribtrary file load via the fileinsert function in include/txpfile.php...
VMware vMA不明细节本地权限提升漏洞
BUGTRAQ ID: 53697 CVE ID: CVE-2012-2752 vSphere Management Assistant vMA是允许管理员和开发者运行脚本和代理以管理ESXi主机和vCenter服务器系统的虚拟计算机。 VMWare vMA 4.0、4.1、5.0.0.1 之前版本在实现上存在加载任意文件导致的本地权限提升漏洞,攻击者可利用此漏洞以提升的权限执行任意代码。 0 VMWare vMA 5.0.0.1 VMWare vMA 4.1 VMWare vMA 4.0 厂商补丁: VMWare ------...