The software uses external input to construct a pathname that
is intended to identify a file or directory that is located underneath a
restricted parent directory, but the software does not properly neutralize
special elements within the pathname that can cause the pathname to resolve to a
location that is outside of the restricted directory.
The product processes an XML document that can contain XML
entities with URLs that resolve to documents outside of the intended sphere of
control, causing the product to embed incorrect documents into its
An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. IBM X-Force ID: 152079.
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an att ...