
5215 matches found

Vulnrichment
added 2024/10/29 12:46 p.m. · 16 views

CVE-2024-6868 Arbitrary File Write in mudler/LocalAI

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

8.1 CVSS · 8.2 AI score · 0.01501 EPSS
Exploits 1 · References 2
CVE
added 2024/10/29 12:46 p.m. · 53 views

CVE-2024-6868

CVE-2024-6868 affects mudler/LocalAI (version 2.17.1). The issue is improper handling of automatic archive extraction when model configurations specify archives (for example, .tar), causing archives to be extracted after download and enabling a potentially destructive “tarslip” that can write fil...

9.8 CVSS · 8.5 AI score · 0.01501 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2024/10/29 12:46 p.m. · 24 views

CVE-2024-6868 Arbitrary File Write in mudler/LocalAI

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

8.1 CVSS · 0.01501 EPSS
Exploits 1 · References 2
CNNVD
added 2024/10/28 12:00 a.m. · 4 views

MPXJ path traversal vulnerability

MPXJ is an open source library by Jon Iles Personal Developer. It is used to read and write project plans from various file formats and databases. MPXJ suffers from a path traversal vulnerability that stems from allowing an attacker to construct malicious paths to write files to arbitrary locatio...

5.3 CVSS · 7.4 AI score · 0.00464 EPSS
Exploits 0 · References 3
NVD
added 2024/10/25 2:15 p.m. · 15 views

CVE-2024-49380

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

9.3 CVSS · 0.02763 EPSS
Exploits 1 · References 3
Cvelist
added 2024/10/25 1:04 p.m. · 18 views

CVE-2024-49380 Plenti arbitrary file write vulnerability

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

9.3 CVSS · 0.02763 EPSS
Exploits 1 · References 3
Vulnrichment
added 2024/10/25 1:04 p.m. · 15 views

CVE-2024-49380 Plenti arbitrary file write vulnerability

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

9.3 CVSS · 7.5 AI score · 0.02763 EPSS
Exploits 1 · References 3
OSV
added 2024/10/25 1:04 p.m. · 6 views

CVE-2024-49380 Plenti arbitrary file write vulnerability

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

9.3 CVSS · 7.9 AI score · 0.02763 EPSS
Exploits 1 · References 5
CVE
added 2024/10/25 1:04 p.m. · 105 views

CVE-2024-49380

CVE-2024-49380 affects Plenti (static site generator) prior to v0.7.2. Affected component: the /postLocal endpoint, which allows arbitrary file writes and may enable remote code execution. Impact is described as High/CRITICAL depending on metric source. The issue is fixed in v0.7.2. Remediation: ...

9.3 CVSS · 6.8 AI score · 0.02763 EPSS
In wild · Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2024/10/25 12:00 a.m. · 6 views

PT-2024-33494 · Plenti +1 · Plenti +1

Name of the Vulnerable Software and Affected Versions: Plenti versions prior to 0.7.2 Description: The issue is related to an arbitrary file write vulnerability. The /postLocal endpoint is vulnerable, which may lead to Remote Code Execution when a Plenti user serves their website. Recommendations...

9.9 CVSS · 7.2 AI score · 0.97781 EPSS
Exploits 20 · References 136
Positive Technologies
added 2024/10/24 12:00 a.m. · 5 views

PT-2024-16180 · Ininet Solutions · Ininet Solutions Spidercontrol Scada Pc Hmi Editor

Name of the Vulnerable Software and Affected Versions: iniNet Solutions SpiderControl SCADA PC HMI Editor affected versions not specified Description: The issue is related to a path traversal vulnerability. When the software loads a malicious ems project template file created by an attacker, it c...

8.6 CVSS · 7.2 AI score · 0.00475 EPSS
Exploits 0 · References 7
BDU FSTEC
added 2024/10/24 12:00 a.m. · 3 views

The vulnerability of the Jolokia Endpoint component of the Apache ActiveMQ Artemis software platform allows a hacker to write arbitrary files.

The vulnerability of the Jolokia Endpoint component of the Apache ActiveMQ software platform is related to improper authentication. Exploiting this vulnerability allows a malicious actor to write arbitrary files...

9 CVSS · 7.7 AI score · 0.16539 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2024/10/23 3:15 p.m. · 3 views

CVE-2024-47903

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices allows to write arbitrary files to t...

9.1 CVSS · 5.8 AI score · 0.00359 EPSS
Exploits 0 · References 1
CNNVD
added 2024/10/23 12:00 a.m. · 6 views

Siemens InterMesh 7177 and Siemens InterMesh 7707 security vulnerability

InterMesh is a wireless alarm reporting system that uses mesh wireless network technology to transmit alarm signals. A security vulnerability exists in Siemens InterMesh Subscriber Devices, which can be exploited by an attacker to write arbitrary files to the web server's DocumentRoot directory...

9.1 CVSS · 7 AI score · 0.00359 EPSS
Exploits 0 · References 1
0day.today
added 2024/10/22 12:00 a.m. · 582 views

BYOB Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits two vulnerabilities in the BYOB Build Your Own Botnet web GUI. It leverages an unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. It also uses an authenticated command injection in the payload generation...

9.8 CVSS · 7.8 AI score · 0.05635 EPSS
Exploits 3
OSV
added 2024/10/21 4:12 p.m. · 10 views

CVE-2024-49366 Nginx UI's json field can construct a directory traversal payload, causing arbitrary files to be written

Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value in the form of ../../. Arbitrary files can be written to the server, which may result in loss of permissions...

8.7 CVSS · 6.7 AI score · 0.00579 EPSS
Exploits 1 · References 4
CNNVD
added 2024/10/21 12:00 a.m. · 7 views

Nginx UI path traversal vulnerability

Nginx UI is a WebUI for Nginx by Jacky Personal Developer. A path traversal vulnerability exists in Nginx UI 2.0.0-beta.35 and earlier versions, which originates from obtaining a value from a json field without authentication, writing an arbitrary file to the server, and leading to loss of...

8.7 CVSS · 6.9 AI score · 0.00579 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2024/10/21 12:00 a.m. · 14 views

Adobe Digital Editions < 4.5.11.187658 Multiple Vulnerabilities (APSB21-80) (macOS)

The version of Adobe Digital Editions installed on the remote macOS host is prior to 4.5.11.187658. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-80 advisory. - Adobe Digital Editions 4.5.11.187646 and earlier are affected by an arbitrary command execution...

9.3 CVSS · 7.5 AI score · 0.02003 EPSS
Exploits 0 · References 4
Microsoft CVE
added 2024/10/17 12:00 a.m. · 6 views

CVE-2023-4782

...

7.8 CVSS · 6.9 AI score · 0.00255 EPSS
Exploits 0
Packet Storm
added 2024/10/16 12:00 a.m. · 513 views

BYOB Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sqlite3' class MetasploitModule 'BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection CVE-2024-45256, CVE-2024-45257', 'Description' = %q Thi...

9.8 CVSS · 7.4 AI score · 0.05635 EPSS
Exploits 3