324 matches found
The vulnerability of the built-in software of the ARIS controller lies in the ability to load files of a harmful type without limitation, allowing a perpetrator to execute arbitrary code or cause a service failure.
The vulnerability of the built-in software of the ARIS controller is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service failures...
The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), arises from the possibility of unlimited loading of dangerous files, allowing a intruder to execute arbitrary code.
The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System IGSS, lies in its ability to load files of a dangerous type without limitation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
CVE-2023-2745
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wplang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such ...
The vulnerability of the file loading function of the Cisco Webex App, which allows a attacker to carry out cross-site scripting attacks
The vulnerability of the file loading function of the Cisco Webex App exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out a cross-site scripting attack remotely...
SUSE CVE-2005-0141
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab...
SUSE CVE-2006-3812
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links...
The vulnerability of the MSO protocol implementation in the GE Proficy Historian industrial data management platform allows a perpetrator to gain access to read, modify, or delete files.
The vulnerability of the MSO protocol implementation in the GE Proficy Historian industrial data management platform is related to the unlimited loading of dangerous files. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to files by executing the...
The vulnerability of the packet handler in the centralized video surveillance equipment management system of Dahua DSS Professional and DSS Express, as well as the DHI-DSS4004-S2/DHI-DSS7016D-S2/DHI-DSS7016DR-S2 video surveillance management servers, allows a intruder to load arbitrary files into the system.
The vulnerability of the packet handler in the centralized video surveillance equipment management system of Dahua DSS Professional and DSS Express, as well as the DHI-DSS4004-S2/DHI-DSS7016D-S2/DHI-DSS7016DR-S2 video surveillance management servers, is related to the ability to load unlimited...
CVE-2022-0517
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN 2.7.1...
The vulnerability of the APC Easy UPS Online Monitoring Software lies in its ability to allow the loading of arbitrary files, which enables a intruder to execute arbitrary code.
The vulnerability of the APC Easy UPS Online Monitoring Software relates to the ability to load any arbitrary file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading any JSP file remotely...
CVE-2022-44789
A logical issue in OgetOwnPropertyDescriptor in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file...
Denial Of Service (DoS)
moodle/moodle is vulnerable to denial of service. The vulnerability exists because the yuicombo.php does not properly limit the path length, allowing an attacker to crash the application by loading a large number of files...
CVE-2020-14322
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yuicombo needed to limit the amount of files it can load to help mitigate the risk of denial of service...
The vulnerability of the Jenkins Deployer Framework Plugin involves incorrect path name restrictions for restricted directories, allowing attackers to load arbitrary files.
The vulnerability of the Jenkins Deployer Framework Plugin is related to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to download arbitrary files remotely...
SUSE-SU-2022:2592-1 Security update for rubygem-tzinfo
This update for rubygem-tzinfo fixes the following issues: - CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files bsc1201835...
CVE-2022-31163
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
UBUNTU-CVE-2022-31163
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
The vulnerability of the file loading mechanism of the CivetWeb web server, related to errors in processing the relative path to the directory, allows a hacker to execute arbitrary code.
The vulnerability of the file loading mechanism of the CivetWeb web server is related to errors in processing the relative path to the directory. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code by sending a specially crafted HTTP request...
CVE-2022-31163 TZInfo relative path traversal vulnerability allows loading of arbitrary files
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
PT-2022-20578 · Tzinfo +3 · Tzinfo +3
Name of the Vulnerable Software and Affected Versions: TZInfo versions prior to 0.3.61 TZInfo versions 1.0.0 to 1.2.9 when used with the Ruby data source TZInfo version 0.3.60 and earlier Description: The issue is related to relative path traversal in the TZInfo Ruby library, which provides acces...