132 matches found
CVE-2024-8952 SSRF in composiohq/composio
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...
CVE-2024-8955
Affected product: composiohq/composio v0.4.4. Vulnerability type: Server-Side Request Forgery (SSRF) via BROWSERTOOL_GOTO_PAGE and BROWSERTOOL_GET_PAGE_DETAILS actions. Root cause / impact: insufficient validation/handling of user-supplied URLs enables an attacker to read files from the system; i...
Linux Distros Unpatched Vulnerability : CVE-2010-2239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read...
CVE-2024-12058
CVE-2024-12058 affects Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS). The issue arises from external control of a file name in the admin portal, allowing a remote authenticated attacker with admin privileges to read arbitrary files. Impact is limited to reading sensitive data from th...
CVE-2024-1558
A path traversal vulnerability exists in the _create_model_version function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
CVE-2024-28247
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pi-hole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs...
BIT-MLFLOW-2024-1558 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the _create_model_version function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
CVE-2024-12429
An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system-wide files and configuration. All AC500 V3 products PM5xxx with...
changedetection.io Path Traversal Vulnerability
changedetection.io is a website change detection, monitoring, and notification application from the individual developers at dgtlmoon. A path traversal vulnerability exists in changedetection.io prior to version 0.47.06, which stems from inadequate validation of the file URI scheme. An attacker...
Palo Alto Networks Expedition Security Vulnerability
Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker could create and read arbitrary files by exploiting the vulnerability...
PT-2024-5999 · Adobe · Commerce +1
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier; Magento Open Source versions 2.4.7-p1 through 2.4.4-p9 and earlier. Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known a...
Path Traversal
mlflow/mlflow is vulnerable to a Path Traversal. The vulnerability is due to improper validation of the source parameter within handlers.py, allowing attackers to craft a parameter that bypasses checks, leading to arbitrary file read access on the server...
GHSA-G9CJ-CFPP-4G2X gradio vulnerable to Path Traversal
An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache method of the Block class, an attacker can copy any fi...
mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the _create_model_version function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
CVE-2024-1558
A path traversal vulnerability exists in the _create_model_version function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
CVE-2024-1561
Gradio 4.3–4.12 contains a local file read vulnerability by abusing the /component_server endpoint to invoke methods on a Component (via move_resource_to_block_cache), enabling an attacker to copy and read files on the host. Impact includes potential exposure of secrets (API keys, env vars) espec...
CVE-2024-1558 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the _create_model_version function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
CVE-2024-1558
CVE-2024-1558 (mlflow/mlflow) describes a path traversal vulnerability in the function _create_model_version() in server/handlers.py due to improper validation of the source parameter. Attackers can bypass the check in _validate_non_local_source_contains_relative_paths(source) and gain arbitrary ...
Nokia NFM-T Security Vulnerability
Nokia NFM-T is a transport network function manager from Nokia of Finland. A security vulnerability exists in Nokia NFM-T version R19.9, which originates from an absolute path traversal vulnerability that could allow an authenticated, remote attacker to read arbitrary files...
South River Technologies Titan MFT and Titan SFTP Path Traversal Vulnerabilities
South River Technologies Titan MFT and South River Technologies Titan SFTP are both products of South River Technologies. South River Technologies Titan MFT is a popular file transfer solution for managing and encrypting file transfers. South River Technologies Titan SFTP is a solution for A securi...