7215 matches found
A vulnerability in the GetConfPath() function of the Nginx UI server’s user interface allows an attacker to write arbitrary files.
A vulnerability in the GetConfPath function of the Nginx UI server’s user interface is related to improper handling of JSON fields, resulting in incorrect values being retrieved without proper validation. The issue arises from a faulty restriction of the path to a restricted directory...
Plenti arbitrary file write vulnerability
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...
GHSA-2P96-P7QH-4RGR Plenti arbitrary file write vulnerability
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...
A vulnerability in the Splunk Enterprise operating analysis platform stems from an incorrect limitation of the path name to a restricted access directory, allowing a malicious user to write any file into the root directory of the Windows system.
A vulnerability in the Splunk Enterprise operating platform relates to an incorrect restriction of the path name to a restricted access directory. Exploiting this vulnerability could allow a malicious actor to write any file into the root directory of the Windows system...
CVE-2024-6868
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...
PYSEC-2024-111
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
CVE-2024-6868 Arbitrary File Write in mudler/LocalAI
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...
CVE-2024-6868
CVE-2024-6868 affects mudler/LocalAI (version 2.17.1). The issue is improper handling of automatic archive extraction when model configurations specify archives (for example, .tar), causing archives to be extracted after download and enabling a potentially destructive “tarslip” that can write fil...
CVE-2024-49771
CVE-2024-49771 affects the MPXJ library (used to read/write project plans). The issue is a path traversal vulnerability in the ZIP stream handling (InputStreamHelper/Packwood MPXJ code) that could allow writing files to arbitrary locations. It is addressed in MPXJ version 13.5.1. No exploitation ...
GO-2024-3213 Plenti arbitrary file write vulnerability in github.com/plentico/plenti
Plenti arbitrary file write vulnerability in github.com/plentico/plenti...
MPXJ path traversal vulnerability
MPXJ is an open source library by individual developer Jon Iles. It is used to read and write project plans from various file formats and databases. MPXJ suffers from a path traversal vulnerability that stems from allowing an attacker to construct malicious paths to write files to arbitrary locatio...
CVE-2024-49380
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...
CVE-2024-49380 Plenti arbitrary file write vulnerability
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...
CVE-2024-49380
CVE-2024-49380 affects Plenti (static site generator) prior to v0.7.2. Affected component: the /postLocal endpoint, which allows arbitrary file writes and may enable remote code execution. Impact is described as High/CRITICAL depending on metric source. The issue is fixed in v0.7.2. Remediation: ...
PT-2024-33494 · Plenti +1 · Plenti +1
Name of the Vulnerable Software and Affected Versions: Plenti versions prior to 0.7.2. Description: The issue is related to an arbitrary file write vulnerability. The /postLocal endpoint is vulnerable, which may lead to Remote Code Execution when a Plenti user serves their website. Recommendations...
Unspecified Vulnerability in Siemens InterMesh Subscriber Devices (CNVD-2024-41573)
InterMesh is a wireless alarm reporting system that uses mesh wireless network technology to transmit alarm signals. A security vulnerability exists in Siemens InterMesh Subscriber Devices, which can be exploited by an attacker to write arbitrary files to the web server's DocumentRoot directory...