BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
This module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI: 1. CVE-2024-45256: Unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. 2. CVE-2024-45257: Authenticated command injection in the payload generation page...
Arbitrary File Write And Delete
open-webui is vulnerable to Arbitrary File write and delete. The vulnerability is due to unsanitized file.filename concatenation with CACHEDIR, allowing attackers to overwrite and delete system files...
BIT-MLFLOW-2024-0520 Remote Code Execution due to Full Controlled File Write in mlflow/mlflow
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command 'Command Injection' within the mlflow.data.httpdatasetsource.py module. Specifically, when loading a dataset from a source URL with an HTTP...
JetBrains TeamCity < 2024.7.3 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2024.7.3. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API (CVE-2024-47161) - In JetBrains TeamCity before 2024.07.3 path...
GHSA-54F4-V6V9-9Q82 open-webui allows writing and deleting arbitrary files
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHEDIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote cod...
CVE-2024-7037
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHEDIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote cod...
CVE-2024-7037 Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHEDIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote cod...
CVE-2024-7037
Open WebUI project (open-webui) v0.3.8 has a path traversal/Arbitrary File Write and Delete vulnerability in the /api/pipelines/upload endpoint caused by unsanitized file.filename concatenation with CACHE_DIR. This allows an attacker to overwrite or delete system files and could lead to remote co...
Open WebUI Path Traversal Vulnerability
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from the open-source Open WebUI project. A path traversal vulnerability exists in Open WebUI version v0.3.8 that exposes it to arbitrary file write and delete attacks, allowing an attacker to overwrite and delete system...
PT-2024-38039 · Unknown · Open-Webui
Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version 0.3.8 Description: The /api/pipelines/upload endpoint is susceptible to arbitrary file write and deletion due to improper sanitization of the file.filename variable when concatenated with CACHE_DIR. This allows...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the LocalMode's openlocalfile method, which allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the web server. Details A Directory Traversal attack also...
Backdoor.Win32.Amatu.a MVID-2024-0698 Arbitrary File Write
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/1e2d0b90ffc23e00b743c41064bdcc6b.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Amatu.a Vulnerability: Remote Arbitrary File Write RCE Family: Amatu Type: PE32...
CVE-2024-44825
Directory Traversal vulnerability in Centro de Tecnologia da Informação Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files onto the system via a crafted .inv3 file...
DEBIAN-CVE-2024-44825
Directory Traversal vulnerability in Centro de Tecnologia da Informação Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files onto the system via a crafted .inv3 file...
PT-2024-31270 · Unknown · Invesalius3
Name of the Vulnerable Software and Affected Versions: InVesalius3 version 3.1.99995 Description: The issue allows attackers to write arbitrary files onto the system via a crafted .inv3 file, exploiting a Directory Traversal vulnerability. Recommendations: For InVesalius3 version 3.1.99995,...
PouchContainer Security Vulnerability
PouchContainer is an efficient enterprise container engine open-sourced by Aliyun Container Service. A security vulnerability exists in PouchContainer v1.3.1. An attacker can exploit the vulnerability to elevate privileges and write arbitrary files...
PT-2024-29313 · Alibaba · Aliyuncontainerservice Pouch
Name of the Vulnerable Software and Affected Versions: AliyunContainerService pouch version 1.3.1 Description: A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch allows attackers to escalate privileges and write arbitrary files. Recommendations: For...
Invesalius 3.1 Arbitrary File Write / Directory Traversal
Exploit Title: Invesalius 3.1 - Arbitrary File Write using Directory Traversal Discovered By: Riccardo Degli Esposti partywave Exploit Author: Riccardo Degli Esposti partywave Vendor Homepage: https://invesalius.github.io/ Software Link:...