413 matches found
CVE-2022-46255
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite...
The vulnerability of the command-line interface (CLI) of Fortinet FortiAP-U micro-programming system allows a malicious actor to gain unauthorized access to read, modify, and delete files, as well as execute arbitrary commands.
The vulnerability of the command-line interface CLI of Fortinet FortiAP-U micro-programming system lies in incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, and delete files, as wel...
The vulnerability of the local disk management function of the Cisco Identity Services Engine (ISE) allows a attacker to load files into arbitrary locations within the system.
The vulnerability of the local disk management function of the Cisco Identity Services Engine ISE is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to upload files to arbitrary locations in the...
PT-2022-6015
Name of the Vulnerable Software and Affected Versions Cisco SD-WAN Software affected versions not specified Cisco SD-WAN vBond Orchestrator Cisco SD-WAN vEdge Cloud Routers Cisco SD-WAN vEdge Routers Cisco SD-WAN vSmart Controller Cisco SD-WAN vManage Description A flaw exists in the Command Line...
Security Bulletin: Lack of path restriction may allow access to sensitive data stored on Information Server Engine (CVE-2012-4818)
Abstract Security Bulletin: Lack of path restriction may allow access to sensitive data stored on Information Server Engine CVE-2012-4818 Content VULNERABILITY DETAILS: CVE ID: CVE-2012-4818 DESCRIPTION: Whenever an Information Server client application such as InfoSphere DataStage and QualitySta...
The vulnerability in the web interface of the commutable managed distribution power supply PDU (iBoot-PDU), which allows a attacker to write a file to the root web directory.
The vulnerability in the web interface of the commutable managed distribution power unit PDU iBoot-PDU is related to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to write a file to the root web catalog...
The vulnerability of the Passwork password manager, related to incorrect restrictions on the path to the restricted catalog, allows a violator to upload any files into the system.
The vulnerability of the Passwork password manager is related to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor to upload arbitrary files into the system remotely...
The vulnerability of the application development environment for ISaGRAF Workbench programmable logic controllers arises from incorrect restrictions on the path name to the restricted access directory. This allows attackers to escalate their privileges.
The vulnerability in the development environment for ISaGRAF Workbench programmable logic controllers is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability can allow attackers to enhance their privileges using a specially created...
The vulnerability of the Jenkins CLIF Performance Testing Plugin lies in the incorrect path limitation for the restricted access directory, allowing attackers to create or replace any files in the file system.
The vulnerability of the Jenkins CLIF Performance Testing Plugin is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to create or replace any files in the file system remotely...
The vulnerability of the Jenkins Deployer Framework Plugin involves incorrect path name restrictions for restricted directories, allowing attackers to load arbitrary files.
The vulnerability of the Jenkins Deployer Framework Plugin is related to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to download arbitrary files remotely...
The vulnerability of the Illumina Local Run Manager software exists due to an incorrect limitation on the path to the restricted access directory. This allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Illumina Local Run Manager software exists due to an incorrect limitation on the path to the restricted access directory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
CVE-2022-36889
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...
PT-2022-4017 · Jenkins · Jenkins Deployer Framework Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier Description: The issue is related to the incorrect restriction of the application path when configuring a deployment, allowing attackers with Item/Configure permission to...
The vulnerability in the ASoft CRM system for managing customer relationships exists due to an incorrect limitation on the path name to the restricted catalog. This allows a malicious actor to read any file they desire.
The vulnerability of the ASoft CRM system for managing customer relationships exists due to an incorrect limitation on the path name to the restricted catalog. Exploiting this vulnerability allows a malicious actor to read arbitrary files...
The vulnerability of the OpenSSL library in the TYCHON network endpoint management tool allows a hacker to execute arbitrary code with SYSTEM privileges.
The vulnerability of the OpenSSL library used by the TYCHON network endpoint management tool is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability allows a attacker to execute arbitrary code with SYSTEM privileges using a special...
The software for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission is vulnerable due to incorrect restrictions on the path to the restricted access catalog. This allows attackers to create or overwrite critical files and execute arbitrary code.
The vulnerability of the software used for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission involves incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to create or re-record...
The vulnerability in the web interfaces of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME), as well as Cisco Unified Communications Manager IM & Presence Service, the integrated messaging system Cisco Unity Connection, allows a attacker to perform XSS attacks.
The vulnerability in the web interfaces of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME, as well as Cisco Unified Communications Manager IM & Presence Service, and the integrated messaging system Cisco Unity Connection, exists due to...
The software for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission is vulnerable due to incorrect restrictions on the path to the restricted access catalog. This allows attackers to create or overwrite critical files and execute arbitrary code.
The vulnerability of the software used for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission involves incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to create or re-record...
The vulnerability of the HTTP File Server (+WebDAV) file server for operating systems based on Android allows a hacker to gain access to read, modify, or delete files.
The vulnerability of the HTTP File Server +WebDAV file server for Android operating systems is related to incorrect path name restrictions for restricted access directories. Exploiting this vulnerability can allow an attacker to gain read, modify, or delete file access rights...
The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the improper limitation of the path name to the restricted access directory. This allows a malicious actor to load any file into any directory of the file system.
The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to download any file into any directory of the file system b...