Vulnerabilities > Incomplete Blacklist

DATE	CVE	VULNERABILITY TITLE	RISK
2024-03-05	CVE-2023-45593	Incomplete Blacklist vulnerability in Ailux Imx6 A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. low complexity ailux CWE-184	6.8
2018-01-29	CVE-2018-6383	Incomplete Blacklist vulnerability in Monstra Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048. network low complexity monstra CWE-184	8.8
2017-08-07	CVE-2015-5946	Incomplete Blacklist vulnerability in Sugarcrm 6.5.22 Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. local low complexity sugarcrm CWE-184	7.8
2017-02-17	CVE-2016-6189	Incomplete Blacklist vulnerability in Alinto Sogo Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. network low complexity alinto CWE-184	4.3

Vulnerabilities > Incomplete Blacklist {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Incomplete Blacklist"}]}

Vulnerabilities > Incomplete Blacklist