
459 matches found

Veracode
added 2024/10/15 6:30 a.m. | 6 views

Arbitrary File Write And Delete

open-webui is vulnerable to Arbitrary File write and delete. The vulnerability is due to unsanitized file.filename concatenation with CACHEDIR, allowing attackers to overwrite and delete system files...

CVSS 7.2 | AI score 6.8 | EPSS 0.02278
Exploits 1 | References 4 | Affected Software 1

OSV
added 2024/10/09 9:31 p.m. | 5 views

GHSA-54F4-V6V9-9Q82 open-webui allows writing and deleting arbitrary files

In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHEDIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote cod...

CVSS 7 | AI score 7 | EPSS 0.02278
Exploits 1 | References 4

Cvelist
added 2024/10/09 7:52 p.m. | 14 views

CVE-2024-7037 Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHEDIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote cod...

CVSS 6.5 | EPSS 0.02278
Exploits 1 | References 1

CNNVD
added 2024/10/09 12:0 a.m. | 3 views

Open WebUI Path Traversal Vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A path traversal vulnerability exists in Open WebUI version v0.3.8 that stems from vulnerability to arbitrary file write and delete attacks, allowing an attacker to overwrite and delete system...

CVSS 7.2 | AI score 7.1 | EPSS 0.02278
Exploits 1 | References 2

Packet Storm
added 2024/10/08 12:0 a.m. | 271 views

ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion

ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

AI score 7.4
Exploits 0

Github Security Blog
added 2024/10/07 3:10 p.m. | 12 views

Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability

Summary A logged-in user with any role can delete arbitrary files on the filesystem by calling the sync/cleansyncdir endpoint. The dirname POST parameter is not validated/sanitized and is used to construct the syncDir that is deleted by calling fs.rm. Details - file:...

CVSS 6.5 | AI score 7.5 | EPSS 0.00205
Exploits 0 | References 5 | Affected Software 1

Packet Storm
added 2024/09/24 12:0 a.m. | 403 views

ABB Cylon Aspect 3.08.01 Arbitrary File Deletion

ABB Cylon Aspect 3.08.01 databaseFileDelete.php Arbitrary File Delete Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

CVSS 10 | AI score 7.1 | EPSS 0.42845
Exploits 3

Zero Science Lab
added 2024/09/23 12:0 a.m. | 283 views

ABB Cylon Aspect 3.08.01 (bigUpload.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from a remote code execution...

CVSS 10 | AI score 8 | EPSS 0.25939
Exploits 4

Zero Science Lab
added 2024/09/23 12:0 a.m. | 342 views

ABB Cylon Aspect 3.08.01 (databaseFileDelete.php) Arbitrary File Delete

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller suffers from an arbitrary file deletion...

CVSS 10 | AI score 5.9 | EPSS 0.42845
Exploits 3

CVE
added 2024/09/13 6:0 p.m. | 55 views

CVE-2024-8782

CVE-2024-8782 affects JFinalCMS up to version 1.0. The flaw is in the delete function of /admin/template/edit, where manipulating the name argument enables path traversal and remote deletion of arbitrary files. Multiple sources confirm the issue, with exploitation discussed publicly. Remediation ...

CVSS 9.8 | AI score 6.8 | EPSS 0.00115
Exploits 1 | References 5 | Affected Software 1

Packet Storm
added 2024/08/31 12:0 a.m. | 147 views

Novell File Reporter Agent Arbitrary File Delete

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell File Reporter Agent Arbitrary File Delete', 'Description' = %q NFRAgent.exe in Novell File Reporter allows remote attackers to delete...

CVSS 5 | AI score 7.4 | EPSS 0.70814
Exploits 5

Packet Storm
added 2024/08/31 12:0 a.m. | 173 views

Solaris LPD Arbitrary File Delete

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solaris LPD Arbitrary File Delete', 'Description' = %q This module uses a vulnerability in the Solaris line printer daemon to delete arbitrary...

CVSS 5 | AI score 7 | EPSS 0.73269
Exploits 3

Packet Storm
added 2024/08/31 12:0 a.m. | 129 views

Axigen Arbitrary File Read And Delete

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Axigen Arbitrary File Read and Delete', 'Description' = %q This module exploits a directory traversal vulnerability in the WebAdmin interface of...

CVSS 6.4 | AI score 7 | EPSS 0.79815
Exploits 3

Patchstack
added 2024/08/16 6:42 p.m. | 5 views

WordPress InPost PL plugin <= 1.4.4 - Unauthenticated Arbitrary File Read/Delete vulnerability

Unauthenticated Arbitrary File Read/Delete vulnerability discovered by 1337Wannabe in WordPress Plugin InPost PL versions <= 1.4.4...

CVSS 10 | AI score 7 | EPSS 0.04
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/08/16 6:42 p.m. | 4 views

WordPress InPost for WooCommerce plugin <= 1.4.0 - Unauthenticated Arbitrary File Read/Delete vulnerability

Unauthenticated Arbitrary File Read/Delete vulnerability discovered by 1337Wannabe in WordPress Plugin InPost for WooCommerce versions <= 1.4.0...

CVSS 10 | AI score 7 | EPSS 0.04
Exploits 0 | References 1 | Affected Software 1

NVD
added 2024/06/13 12:15 p.m. | 18 views

CVE-2024-34116

Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file delete...

CVSS 7.1 | EPSS 0.00032
Exploits 0 | References 1

CVE
added 2024/06/13 11:26 a.m. | 155 views

CVE-2024-34116

Adobe Creative Cloud Desktop (Windows/macOS) versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that can allow loading and executing malicious libraries, potentially resulting in arbitrary file deletion and a security feature bypass. Exploitation requ...

CVSS 7.1 | AI score 7 | EPSS 0.00032
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2024/06/12 11:33 a.m. | 19 views

CVE-2024-5211 Path Traversal to Arbitrary File Read/Delete/Overwrite, DoS Attack, and Admin Account Takeover in mintplex-labs/anything-llm

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored in...

CVSS 9.1 | EPSS 0.00048
Exploits 1 | References 2

OSV
added 2024/05/28 3:47 p.m. | 41 views

GHSA-G3HR-P86P-593H OpenAPI Generator Online - Arbitrary File Read/Delete

Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...

CVSS 8.3 | AI score 8 | EPSS 0.40124
Exploits 0 | References 5

Github Security Blog
added 2024/05/28 3:47 p.m. | 34 views

OpenAPI Generator Online - Arbitrary File Read/Delete

Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...

CVSS 8.3 | AI score 6.7 | EPSS 0.40124
Exploits 0 | References 5 | Affected Software 1