CVE-2024-1961 Path Traversal leading to Arbitrary File Write and RCE in vertaai/modeldb

vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vulnerability to write arbitrary files anywhere in the file system by manipulating the 'artifactpath' parameter. This flaw...

DocsGPT 安全漏洞

DocsGPT is a cutting edge open source solution from Arc53 Open Source. It simplifies the process of finding information in project documentation. A security vulnerability exists in DocsGPT version v0.5.0, which stems from a restricted file write vulnerability in routes.py...

PT-2024-5388 · Duckdb +2 · Duckdb +2

Name of the Vulnerable Software and Affected Versions: Vanna version 0.3.4 Description: The issue is related to the Vanna framework's web interface, specifically with its integration of DuckDB and Flask Web APIs. It allows for SQL injection, enabling attackers to inject malicious SQL training dat...

ModelDB 路径遍历漏洞

ModelDB is an open source system for machine learning model version control, metadata and experiment management open source by VertaAI. ModelDB suffers from a path traversal vulnerability that arises from improper cleaning of user-supplied file paths in the file upload function. This vulnerabilit...

CVE-2024-31462

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

CVE-2024-31462

The CVE-2024-31462 entry concerns stable-diffusion-webui (v1.7.0) with a limited file write vulnerability. The root cause is in the create_ui function (Backup/Restore tab) within modules/ui_extensions.py, where user input is captured into config_save_name and later used to form a file path that i...

CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

Exploit for CVE-2024-31771

CVE-2024-31771 TotalAV Arbitrary File Write TotalAV version...

CVE-2024-22178

A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigg...

CVE-2024-22178

A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigg...

CVE-2024-21870

A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

CVE-2024-21870

A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

CVE-2024-22178

Open Automation Software OAS Platform (V19.00.0057) has a file-write vulnerability in the OAS Engine Save Security Configuration feature. A crafted sequence of network requests can create or overwrite arbitrary files. TALOS confirms CVE-2024-22178 (CWE-73) affects OAS Platform V19.00.0057; impact...

CVE-2024-31011

Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admintemplate.php...

CVE-2024-31011

Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admintemplate.php...

beescms 安全漏洞

BEESCMS is a PHP and MySQL based, scalable Content Management System CMS. A security vulnerability exists in beescms version v.4.0, which originates from an arbitrary file write vulnerability in admintemplate.php...

CVE-2024-31011

Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admintemplate.php...

CVE-2024-31011

CVE-2024-31011 affects beescms v4.0, where an Arbitrary file write vulnerability exists in admin_template.php due to a file path that was not isolated and an unverified suffix. This allows a remote attacker to write arbitrary files and, as described, execute arbitrary code. The impact is consiste...