Lucene search
+L

324 matches found

BDU FSTEC
BDU FSTEC
added 2023/05/30 12:0 a.m.21 views

The vulnerability of the built-in software of the ARIS controller lies in the ability to load files of a harmful type without limitation, allowing a perpetrator to execute arbitrary code or cause a service failure.

The vulnerability of the built-in software of the ARIS controller is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service failures...

9CVSS6AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/05/29 12:0 a.m.8 views

The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), arises from the possibility of unlimited loading of dangerous files, allowing a intruder to execute arbitrary code.

The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System IGSS, lies in its ability to load files of a dangerous type without limitation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS8.1AI score0.01943EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/05/17 9:15 a.m.36 views

CVE-2023-2745

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wplang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such ...

6.1CVSS5.5AI score0.79527EPSS
Exploits7References7
BDU FSTEC
BDU FSTEC
added 2023/04/04 12:0 a.m.8 views

The vulnerability of the file loading function of the Cisco Webex App, which allows a attacker to carry out cross-site scripting attacks

The vulnerability of the file loading function of the Cisco Webex App exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out a cross-site scripting attack remotely...

6.4CVSS5.9AI score0.00481EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:19 a.m.5 views

SUSE CVE-2005-0141

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab...

2.6CVSS6.6AI score0.01199EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.5 views

SUSE CVE-2006-3812

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links...

2.6CVSS8.8AI score0.03093EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/01/25 12:0 a.m.12 views

The vulnerability of the MSO protocol implementation in the GE Proficy Historian industrial data management platform allows a perpetrator to gain access to read, modify, or delete files.

The vulnerability of the MSO protocol implementation in the GE Proficy Historian industrial data management platform is related to the unlimited loading of dangerous files. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to files by executing the...

7.8CVSS6.6AI score0.00556EPSS
Exploits0References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/01/05 12:0 a.m.11 views

The vulnerability of the packet handler in the centralized video surveillance equipment management system of Dahua DSS Professional and DSS Express, as well as the DHI-DSS4004-S2/DHI-DSS7016D-S2/DHI-DSS7016DR-S2 video surveillance management servers, allows a intruder to load arbitrary files into the system.

The vulnerability of the packet handler in the centralized video surveillance equipment management system of Dahua DSS Professional and DSS Express, as well as the DHI-DSS4004-S2/DHI-DSS7016D-S2/DHI-DSS7016DR-S2 video surveillance management servers, is related to the ability to load unlimited...

8.7CVSS7.1AI score0.007EPSS
Exploits0References3Affected Software5
Cvelist
Cvelist
added 2022/12/22 12:0 a.m.30 views

CVE-2022-0517

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN 2.7.1...

7.8AI score0.00185EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.11 views

The vulnerability of the APC Easy UPS Online Monitoring Software lies in its ability to allow the loading of arbitrary files, which enables a intruder to execute arbitrary code.

The vulnerability of the APC Easy UPS Online Monitoring Software relates to the ability to load any arbitrary file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading any JSP file remotely...

10CVSS8.2AI score0.01071EPSS
Exploits0References4Affected Software2
AlpineLinux
AlpineLinux
added 2022/11/23 9:15 p.m.34 views

CVE-2022-44789

A logical issue in OgetOwnPropertyDescriptor in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file...

8.8CVSS5.8AI score0.02248EPSS
Exploits1
Veracode
Veracode
added 2022/08/17 5:30 a.m.37 views

Denial Of Service (DoS)

moodle/moodle is vulnerable to denial of service. The vulnerability exists because the yuicombo.php does not properly limit the path length, allowing an attacker to crash the application by loading a large number of files...

7.5CVSS7AI score0.00804EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/08/16 9:15 p.m.26 views

CVE-2020-14322

In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yuicombo needed to limit the amount of files it can load to help mitigate the risk of denial of service...

7.5CVSS6.8AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/08/10 12:0 a.m.8 views

The vulnerability of the Jenkins Deployer Framework Plugin involves incorrect path name restrictions for restricted directories, allowing attackers to load arbitrary files.

The vulnerability of the Jenkins Deployer Framework Plugin is related to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to download arbitrary files remotely...

9CVSS7.7AI score0.01453EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/07/29 11:34 a.m.7 views

SUSE-SU-2022:2592-1 Security update for rubygem-tzinfo

This update for rubygem-tzinfo fixes the following issues: - CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files bsc1201835...

8.1CVSS8AI score0.01786EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/07/22 4:15 a.m.3 views

CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

8.1CVSS6.8AI score0.01786EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2022/07/22 4:15 a.m.15 views

UBUNTU-CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

8.1CVSS6.8AI score0.01786EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2022/07/22 12:0 a.m.11 views

The vulnerability of the file loading mechanism of the CivetWeb web server, related to errors in processing the relative path to the directory, allows a hacker to execute arbitrary code.

The vulnerability of the file loading mechanism of the CivetWeb web server is related to errors in processing the relative path to the directory. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code by sending a specially crafted HTTP request...

10CVSS7.4AI score0.03138EPSS
Exploits1References7Affected Software3
Vulnrichment
Vulnrichment
added 2022/07/21 1:30 p.m.18 views

CVE-2022-31163 TZInfo relative path traversal vulnerability allows loading of arbitrary files

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

7.5CVSS6.8AI score0.01786EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/07/21 12:0 a.m.6 views

PT-2022-20578 · Tzinfo +3 · Tzinfo +3

Name of the Vulnerable Software and Affected Versions: TZInfo versions prior to 0.3.61 TZInfo versions 1.0.0 to 1.2.9 when used with the Ruby data source TZInfo version 0.3.60 and earlier Description: The issue is related to relative path traversal in the TZInfo Ruby library, which provides acces...

8.1CVSS6.6AI score0.01786EPSS
Exploits1References39
Rows per page
Query Builder