Lucene search
+L

324 matches found

bdu_fstec
bdu_fstec
added 2024/03/27 12:0 a.m.6 views

The vulnerability of the phpMyFAQ web application, related to the unlimited download of dangerous types of files, allows a hacker to execute arbitrary code.

The vulnerability of the phpMyFAQ web application is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created .php files...

8.3CVSS6.6AI score0.01476EPSS
Exploits1References4Affected Software1
bdu_fstec
bdu_fstec
added 2024/03/18 12:0 a.m.7 views

The vulnerability of the software file loading function of the Cisco AppDynamics Controller allows a perpetrator to gain access to protected information.

The vulnerability of the software file loading function of the Cisco AppDynamics Controller is related to deficiencies in path name checking for the directory. Exploiting this vulnerability could allow an attacker operating remotely to gain access to protected information...

6.8CVSS6.6AI score0.02155EPSS
Exploits0References2Affected Software1
osv
osv
added 2024/03/06 11:12 a.m.17 views

BIT-MOODLE-2020-14322

In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yuicombo needed to limit the amount of files it can load to help mitigate the risk of denial of service...

7.5CVSS7.5AI score0.00804EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2024/03/05 12:0 a.m.12 views

The vulnerability of the application software interface for backup/restore services provided by the Apache Solr search server allows a hacker to execute arbitrary code within the system.

The vulnerability of the application programming interface for backup/restore services provided by the Apache Solr search server lies in the lack of restrictions on the loading of files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the system remotely...

9CVSS7.8AI score0.8384EPSS
Exploits4References3Affected Software1
bdu_fstec
bdu_fstec
added 2024/03/05 12:0 a.m.16 views

The vulnerability of the Apache InLong data integration platform lies in its reliance on files and directories accessible from external parties, allowing attackers to execute arbitrary code.

The vulnerability of the Apache InLong data integration platform lies in the use of files and directories accessible to external parties due to incorrect restrictions on the path to the restricted directory during file loading. Exploiting this vulnerability allows a malicious actor to execute...

7.8CVSS7.6AI score0.01247EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2024/03/04 12:0 a.m.7 views

The vulnerability of the SCP utility for access control and remote authentication, as well as software such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe—is related to unlimited resource distribution. This allows attackers to execute arbitrary commands.

The vulnerability of the SCP utility for access control and remote authentication, as well as software such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP...

6.7CVSS7AI score0.00178EPSS
Exploits0References3Affected Software20
bdu_fstec
bdu_fstec
added 2024/02/29 12:0 a.m.12 views

The vulnerability of the File Transfer Protocol (FTP) implementation in the microprogrammed networking devices of ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, USG FLEX H, and ATP allows a perpetrator to execute arbitrary commands.

The vulnerability of the File Transfer Protocol FTP implementation in microprogrammed network devices such as ZyXEL USG FLEX, USG FLEX 50W/USG20W-VPN, USG FLEX H, and ATP lies in the lack of measures to neutralize special elements used in operating system commands during the loading of binary...

8.3CVSS7.5AI score0.01333EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2024/02/26 12:0 a.m.8 views

The vulnerability of the core.mediamanager component in the SCHLIX CMS content management system allows a hacker to execute arbitrary code.

The vulnerability of the core.mediamanager component in the SCHLIX CMS content management system is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8.3CVSS7.5AI score0.01158EPSS
Exploits1References3Affected Software1
bdu_fstec
bdu_fstec
added 2024/02/20 12:0 a.m.12 views

The vulnerability of the microprogrammed control units Saho ADM100 and ADM-100FP lies in the possibility of unlimited loading of dangerous files, allowing a intruder to execute arbitrary commands.

The vulnerability of the microprogrammed control units Saho ADM100 and ADM-100FP lies in the ability to download files of a malicious nature without limitation. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely by introducing specially crafted files...

10CVSS8.1AI score0.00771EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2024/02/20 12:0 a.m.12 views

The vulnerability of the file loading function of the corporate cloud storage system HGiga OAKlouds allows a attacker to execute arbitrary code.

The vulnerability of the file loading function of the corporate cloud storage system HGiga OAKlouds relates to the unlimited loading of dangerous types of files. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially crafted file...

10CVSS8.2AI score0.00942EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2024/01/24 12:0 a.m.6 views

The vulnerability of the file loading component of the Oracle Web Applications Desktop Integrator software allows a attacker to compromise the confidentiality and integrity of the protected information.

The vulnerability of the file loading component of the Oracle Web Applications Desktop Integrator software relates to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of protected information through the use of...

6.4CVSS6.8AI score0.00327EPSS
Exploits0References4Affected Software1
bdu_fstec
bdu_fstec
added 2024/01/24 12:0 a.m.8 views

The vulnerability of PMB electronic document management software lies in its ability to download files of a malicious nature without limitation. This allows attackers to execute arbitrary code and increase their privileges.

The vulnerability of PMB electronic document management software is related to the unlimited loading of dangerous types of files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely and increase their privileges through a specially created PHP file...

9CVSS7.5AI score0.21034EPSS
Exploits1References2Affected Software1
nessus
nessus
added 2024/01/16 12:0 a.m.27 views

EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2023-3445)

According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value...

9.8CVSS7.7AI score0.08003EPSS
Exploits3References3
bdu_fstec
bdu_fstec
added 2024/01/12 12:0 a.m.8 views

The vulnerability of the BMP Logo Handler component in the BIOS AMI AptioV configuration tool allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the BMP Logo Handler component in the BIOS AMI AptioV setup tool involves the unlimited loading of dangerous files. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

7.8CVSS7.2AI score0.00623EPSS
Exploits0References4
bdu_fstec
bdu_fstec
added 2023/12/21 12:0 a.m.7 views

The vulnerability of the Custom Includes module in the Nagios XI monitoring tool allows a hacker to execute arbitrary code and gain unauthorized access to protected information.

The vulnerability of the Custom Includes module in Nagios XI is related to the unlimited loading of files of a dangerous type. Exploiting this vulnerability allows a malicious actor to execute arbitrary code and gain unauthorized access to protected information...

8.2CVSS6AI score
Exploits1References3Affected Software1
bdu_fstec
bdu_fstec
added 2023/12/11 12:0 a.m.8 views

The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—allows a hacker to execute arbitrary scripts and trigger a system reboot.

The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—is related to the ability to load files of a malicious nature without limitation. Exploiting this vulnerability allows an attacker to execute...

7.5CVSS6.2AI score0.00482EPSS
Exploits0References4Affected Software1
bdu_fstec
bdu_fstec
added 2023/12/11 12:0 a.m.7 views

The vulnerability of the Apache Struts software platform, related to the use of files and directories accessible from external parties, allows a hacker to execute arbitrary code.

The vulnerability of the Apache Struts software platform is related to the use of files and directories accessible from external parties due to incorrect restrictions on the path to the restricted directory during file loading. Exploiting this vulnerability allows a remote attacker to execute...

10CVSS8.4AI score0.80819EPSS
Exploits15References5Affected Software1
bdu_fstec
bdu_fstec
added 2023/11/30 12:0 a.m.6 views

The vulnerability of the file loading function of Cisco Firepower Management Center (FMC) software allows a hacker to load any desired files.

The vulnerability of the file loading function of Cisco Firepower Management Center FMC software lies in insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to load any desired files...

6.5CVSS6.5AI score0.00505EPSS
Exploits0References4Affected Software1
bdu_fstec
bdu_fstec
added 2023/11/27 12:0 a.m.5 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to load arbitrary files.

The vulnerability in the web interface of the Cisco Identity Services Engine ISE management platform relates to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to load any desired files...

6CVSS7.1AI score0.0057EPSS
Exploits0References3Affected Software1
osv
osv
added 2023/11/22 1:15 a.m.26 views

CVE-2021-22151

It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension...

4.3CVSS6.7AI score
Exploits0References2
Rows per page
Query Builder