20 matches found
CVE-2026-21422
Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechani...
PT-2026-22909
Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechani...
CVE-2019-7194
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions...
EUVD-2019-13316
Malware in sbrugna...
EUVD-2018-1924
Malware in sbrugna...
EUVD-2025-25498
Malicious code in bioql PyPI...
EUVD-2024-32782
Malicious code in bioql PyPI...
EUVD-2023-39020
Malicious code in bioql PyPI...
EUVD-2023-0816
Malicious code in bioql PyPI...
Microsoft Windows External Control of File Name or Path Vulnerability
Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files...
CVE-2024-10210 Path traversal in APROL Web Portal
An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL 4.4-005P may allow an authenticated network-based attacker to access data from the file system...
CVE-2023-40721
A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests...
Siemens RUGGEDCOM CROSSBOW File Name or Path External Control Vulnerability (CNVD-2024-27530)
Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. Siemens RUGGEDCOM CROSSBOW suffers from a File Name or Path External Control vulnerability due to an affected system allowing a privileged user to upload generic files to the root installation director...
Siemens RUGGEDCOM CROSSBOW File Name or Path External Control Vulnerability
Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. Siemens RUGGEDCOM CROSSBOW suffers from a filename or path external control vulnerability due to a bulk import feature on the affected system that allows a privileged user to upload files to the root...
CVE-2024-31492
An external control of file name or path vulnerability CWE-73 in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process...
Xxe
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service...
CVE-2023-34982
CVE-2023-34982 affects AVEVA Operations Control Logger (external control of file name or path). A local OS-authenticated user with standard privileges could delete files with System privileges, leading to denial of service. The CVE is discussed across multiple sources (NVD entry and AVEVA/ICS adv...
icms security breach
iCMS is a software application. An efficient and simple content management system built with PHP and MySQL. A security vulnerability exists in icms version 2.16.1-git, which is caused by an External Control of System or Configuration Setting vulnerability...
Xxe
An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in...
Multiple Advantech Product File Name or Path External Control Vulnerabilities
Advantech WebAccess is an Advantech product. Advantech WebAccess is a browser-based HMI/SCADA software that supports dynamic graphical display and real-time data control, and provides remote control and management of automation devices. The software supports dynamic graphical display and real-tim...