Lucene search
K

413 matches found

OSV
OSV
added 2022/12/14 6:15 p.m.4 views

CVE-2022-46255

An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite...

9.8CVSS6.2AI score0.01449EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/12/07 12:0 a.m.7 views

The vulnerability of the command-line interface (CLI) of Fortinet FortiAP-U micro-programming system allows a malicious actor to gain unauthorized access to read, modify, and delete files, as well as execute arbitrary commands.

The vulnerability of the command-line interface CLI of Fortinet FortiAP-U micro-programming system lies in incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, and delete files, as wel...

7.8CVSS6.9AI score0.00224EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/11/15 12:0 a.m.10 views

The vulnerability of the local disk management function of the Cisco Identity Services Engine (ISE) allows a attacker to load files into arbitrary locations within the system.

The vulnerability of the local disk management function of the Cisco Identity Services Engine ISE is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to upload files to arbitrary locations in the...

9CVSS7.7AI score0.00952EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.5 views

PT-2022-6015

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN Software affected versions not specified Cisco SD-WAN vBond Orchestrator Cisco SD-WAN vEdge Cloud Routers Cisco SD-WAN vEdge Routers Cisco SD-WAN vSmart Controller Cisco SD-WAN vManage Description A flaw exists in the Command Line...

7.8CVSS7.5AI score0.12475EPSS
Exploits2References61
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 11:13 p.m.30 views

Security Bulletin: Lack of path restriction may allow access to sensitive data stored on Information Server Engine (CVE-2012-4818)

Abstract Security Bulletin: Lack of path restriction may allow access to sensitive data stored on Information Server Engine CVE-2012-4818 Content VULNERABILITY DETAILS: CVE ID: CVE-2012-4818 DESCRIPTION: Whenever an Information Server client application such as InfoSphere DataStage and QualitySta...

6.5CVSS0.01395EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/09/23 12:0 a.m.7 views

The vulnerability in the web interface of the commutable managed distribution power supply PDU (iBoot-PDU), which allows a attacker to write a file to the root web directory.

The vulnerability in the web interface of the commutable managed distribution power unit PDU iBoot-PDU is related to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to write a file to the root web catalog...

10CVSS8AI score0.11626EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/17 12:0 a.m.8 views

The vulnerability of the Passwork password manager, related to incorrect restrictions on the path to the restricted catalog, allows a violator to upload any files into the system.

The vulnerability of the Passwork password manager is related to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor to upload arbitrary files into the system remotely...

10CVSS7.7AI score0.01443EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/15 12:0 a.m.6 views

The vulnerability of the application development environment for ISaGRAF Workbench programmable logic controllers arises from incorrect restrictions on the path name to the restricted access directory. This allows attackers to escalate their privileges.

The vulnerability in the development environment for ISaGRAF Workbench programmable logic controllers is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability can allow attackers to enhance their privileges using a specially created...

7.7CVSS7.2AI score0.00267EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/10 12:0 a.m.10 views

The vulnerability of the Jenkins CLIF Performance Testing Plugin lies in the incorrect path limitation for the restricted access directory, allowing attackers to create or replace any files in the file system.

The vulnerability of the Jenkins CLIF Performance Testing Plugin is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to create or replace any files in the file system remotely...

6.8CVSS6.5AI score0.00674EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/10 12:0 a.m.7 views

The vulnerability of the Jenkins Deployer Framework Plugin involves incorrect path name restrictions for restricted directories, allowing attackers to load arbitrary files.

The vulnerability of the Jenkins Deployer Framework Plugin is related to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to download arbitrary files remotely...

9CVSS7.7AI score0.01453EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/29 12:0 a.m.8 views

The vulnerability of the Illumina Local Run Manager software exists due to an incorrect limitation on the path to the restricted access directory. This allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Illumina Local Run Manager software exists due to an incorrect limitation on the path to the restricted access directory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

10CVSS8AI score0.01506EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/07/27 3:15 p.m.34 views

CVE-2022-36889

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...

8.8CVSS0.01453EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.5 views

PT-2022-4017 · Jenkins · Jenkins Deployer Framework Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier Description: The issue is related to the incorrect restriction of the application path when configuring a deployment, allowing attackers with Item/Configure permission to...

9CVSS8.4AI score0.01453EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2022/07/20 12:0 a.m.7 views

The vulnerability in the ASoft CRM system for managing customer relationships exists due to an incorrect limitation on the path name to the restricted catalog. This allows a malicious actor to read any file they desire.

The vulnerability of the ASoft CRM system for managing customer relationships exists due to an incorrect limitation on the path name to the restricted catalog. Exploiting this vulnerability allows a malicious actor to read arbitrary files...

7.8CVSS5.6AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/13 12:0 a.m.8 views

The vulnerability of the OpenSSL library in the TYCHON network endpoint management tool allows a hacker to execute arbitrary code with SYSTEM privileges.

The vulnerability of the OpenSSL library used by the TYCHON network endpoint management tool is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability allows a attacker to execute arbitrary code with SYSTEM privileges using a special...

7.8CVSS8.5AI score0.00764EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.10 views

The software for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission is vulnerable due to incorrect restrictions on the path to the restricted access catalog. This allows attackers to create or overwrite critical files and execute arbitrary code.

The vulnerability of the software used for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission involves incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to create or re-record...

7.8CVSS8.1AI score0.00776EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.9 views

The vulnerability in the web interfaces of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME), as well as Cisco Unified Communications Manager IM & Presence Service, the integrated messaging system Cisco Unity Connection, allows a attacker to perform XSS attacks.

The vulnerability in the web interfaces of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME, as well as Cisco Unified Communications Manager IM & Presence Service, and the integrated messaging system Cisco Unity Connection, exists due to...

6.4CVSS6.2AI score0.00714EPSS
Exploits0References2Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.14 views

The software for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission is vulnerable due to incorrect restrictions on the path to the restricted access catalog. This allows attackers to create or overwrite critical files and execute arbitrary code.

The vulnerability of the software used for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission involves incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to create or re-record...

7.8CVSS8.1AI score0.00782EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/29 12:0 a.m.5 views

The vulnerability of the HTTP File Server (+WebDAV) file server for operating systems based on Android allows a hacker to gain access to read, modify, or delete files.

The vulnerability of the HTTP File Server +WebDAV file server for Android operating systems is related to incorrect path name restrictions for restricted access directories. Exploiting this vulnerability can allow an attacker to gain read, modify, or delete file access rights...

8.5CVSS7.5AI score0.01148EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/08 12:0 a.m.8 views

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the improper limitation of the path name to the restricted access directory. This allows a malicious actor to load any file into any directory of the file system.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to download any file into any directory of the file system b...

9.1CVSS7.8AI score0.01627EPSS
Exploits0References7Affected Software9
Rows per page
Query Builder