onnx allows Arbitrary File Overwrite in download_model_with_test_data
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, versions before 1.16.2, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
GHSA-6RQ9-53C3-F7VJ onnx allows Arbitrary File Overwrite in download_model_with_test_data
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, versions before 1.16.2, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
DEBIAN-CVE-2024-5187
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
UBUNTU-CVE-2024-5187
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
CVE-2024-3322 Path Traversal in parisneo/lollms-webui
A path traversal vulnerability exists in the 'cybersecurity/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'processfolder' function within...
CVE-2024-25975
The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is...
CVE-2024-25975 Arbitrary File Overwrite
The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is...
CVE-2024-25975
CVE-2024-25975 affects the HAWKI application (Interaction Design Team, University of Applied Sciences) and is tied to a path-traversal in the up/downvote feature. The POST parameters are not properly filtered, allowing an authenticated attacker to write arbitrary files on the server by supplying ...
CVE-2023-5938
Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to have arbitrary files...
CVE-2023-5938
CVE-2023-5938 affects Arc up to versions prior to 1.6.0. The vulnerability arises because multiple functions process archives without validating contained filenames, enabling path traversal via zip slip. An administrator able to supply tampered archives to Arc could cause arbitrary files to be ex...
PT-2024-14847 · Arc · Arc
Name of the Vulnerable Software and Affected Versions: Arc affected versions not specified Description: The issue arises from multiple functions using archives without properly validating the filenames, making the application susceptible to path traversal via 'zip slip' attacks. An administrator...
CVE-2024-27946
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with...
RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server
This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...
CVE-2024-28072 Arbitrary File Overwrite Vulnerability
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly...
RHEL 6 / 7 : rh-ruby22-ruby (RHSA-2018:0583)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0583 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:0585)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0585 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
RHEL 6 / 7 : rh-ruby24-ruby (RHSA-2017:3485)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3485 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
CVE-2024-2221
CVE-2024-2221 affects qdrant/qdrant. The vulnerability is a path traversal and arbitrary file upload via the /collections/{COLLECTION}/snapshots/upload endpoint, exploitable through the snapshot parameter, allowing an attacker to upload and overwrite any file on the filesystem and potentially ach...