
611 matches found

OSV
added 2022/04/25 4:16 p.m., 0 views

CVE-2022-22392

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066...

CVSS 7.8, AI score 7.5
Exploits: 0, References: 2
NVD
added 2022/04/25 4:16 p.m., 18 views

CVE-2021-39040

IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID:...

CVSS 8, EPSS 0.00177
Exploits: 0, References: 2
OSV
added 2022/04/25 4:16 p.m., 2 views

CVE-2021-39040

IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID:...

CVSS 8, AI score 6.7, EPSS 0.00177
Exploits: 0, References: 2
Prion
added 2022/04/25 4:16 p.m., 17 views

Design/Logic Flaw

IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID:...

CVSS 6, AI score 8, EPSS 0.00177
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2022/04/25 3:20 p.m., 21 views

CVE-2022-22392

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066...

CVSS 6.8, AI score 7.6, EPSS 0.00247
Exploits: 0, References: 2
Cvelist
added 2022/04/25 3:20 p.m., 18 views

CVE-2021-39040

IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID:...

CVSS 6.3, AI score 7.7, EPSS 0.00177
Exploits: 0, References: 2
IBM Security Bulletins
added 2022/04/22 11:53 p.m., 81 views

Security Bulletin: IBM Planning Analytics is affected by security vulnerabilities.

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics Workspace 2.0.75. Vulnerability Details CVEID: CVE-2021-39040 DESCRIPTION: IBM Planning Analytics could be vulnerable to malicious file upload by not validating the file types or...

CVSS 9.8, AI score 1.5, EPSS 0.01262
Exploits: 1, Affected Software: 1
NVD
added 2022/04/15 9:15 p.m., 7 views

CVE-2022-29281

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

CVSS 8.8, EPSS 0.0113
Exploits: 0, References: 2
OSV
added 2022/04/15 9:15 p.m., 2 views

CVE-2022-29281

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

CVSS 8.8, AI score 7.3, EPSS 0.0113
Exploits: 0, References: 2
Prion
added 2022/04/15 9:15 p.m., 11 views

Input validation

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

CVSS 6.8, AI score 8.7, EPSS 0.0113
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2022/04/15 8:41 p.m., 80 views

CVE-2022-29281

Notable (Notable-insiders) contains a vulnerability tracked as CVE-2022-29281, affecting versions prior to 1.9.0-beta.8. The issue stems from improper validation of the file URI scheme, allowing executable files to be opened when clicking a link and potentially enabling UNC/SMB path abuse. Impact...

CVSS 8.8, AI score 8.6, EPSS 0.0113
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2022/03/29 5:15 p.m., 10 views

CVE-2022-26839

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files such as DLLs or replace existing executable files...

CVSS 7.8, EPSS 0.00043
Exploits: 0, References: 1
Prion
added 2022/03/29 5:15 p.m., 9 views

Default configuration

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files such as DLLs or replace existing executable files...

CVSS 4.6, AI score 8, EPSS 0.00043
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2022/03/29 4:37 p.m., 8 views

CVE-2022-26839 Delta Electronics DIAEnergie Incorrect Default Permissions

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files such as DLLs or replace existing executable files...

CVSS 7.8, AI score 7.7, EPSS 0.00043
Exploits: 0, References: 1
CVE
added 2022/03/29 4:37 p.m., 99 views

CVE-2022-26839

CVE-2022-26839 affects Delta Electronics DIAEnergie (all versions before 1.8.02.004). The flaw is an incorrect default permission in the DIAEnergie application that may allow an attacker to plant new files (e.g., DLLs) or replace existing executables. ICS advisory Update C notes fixes in version ...

CVSS 7.8, AI score 7.7, EPSS 0.00043
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2022/03/28 12:0 a.m., 3 views

PT-2022-2512 · Dotcms · Dotcms

Name of the Vulnerable Software and Affected Versions: dotCMS versions 3.0 through 22.02 Description: An issue was discovered in the ContentResource API, allowing attackers to craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal,...

CVSS 10, AI score 8, EPSS 0.94309
Exploits: 4, References: 25
NVD
added 2022/03/17 9:15 p.m., 11 views

CVE-2021-45040

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...

CVSS 10, EPSS 0.04684
Exploits: 3, References: 2
Prion
added 2022/03/17 9:15 p.m., 11 views

Design/Logic Flaw

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...

CVSS 10, AI score 9.4, EPSS 0.04684
Exploits: 3, References: 2, Affected Software: 1
CVE
added 2022/03/17 8:22 p.m., 88 views

CVE-2021-45040

CVE-2021-45040 affects Spatie Laravel Media Library Pro (versions up to 1.17.10 and 2.x up to 2.1.6) and allows remote attackers to upload executable files via the uploads route. Multiple connected sources corroborate an Arbitrary File Upload vulnerability that can be exploited unauthenticated, e...

CVSS 10, AI score 9.4, EPSS 0.04684
Exploits: 3, References: 2, Affected Software: 1
Cvelist
added 2022/03/17 8:22 p.m., 16 views

CVE-2021-45040

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...

AI score 9.7, EPSS 0.04684
Exploits: 3, References: 2