174 matches found
PT-2024-33482 · Zimaos · Zimaos
Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue allows authenticated users to perform a directory traversal attack via the API endpoint http:///v2 1/file, enabling access to sensitive system directories such as /etc. This could expos...
ZimaOS 安全漏洞
ZimaOS is an open source operating system project from IceWhaleTech designed to provide a lightweight, high-performance, secure operating system environment. A security vulnerability exists in ZimaOS prior to version 1.2.4, which stems from improper input validation and leaves the API endpoint...
CVE-2024-10101 Stored XSS in binary-husky/gpt_academic
A stored cross-site scripting XSS vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...
CVE-2024-10101 Stored XSS in binary-husky/gpt_academic
A stored cross-site scripting XSS vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...
PT-2024-37828 · Nanjing Xingyuantu Technology · Sparkshop
Name of the Vulnerable Software and Affected Versions: Nanjing Xingyuantu Technology SparkShop versions up to 1.1.6 Description: A critical issue affects the processing of the file "/api/Common/uploadFile". The manipulation of the file argument leads to unrestricted upload. The attack can be...
CVE-2024-6250
Summary (fact-grounded): CVE-2024-6250 affects parisneo/lollms-webui version 9.6. The vulnerability is an absolute path traversal in the open_file endpoint of lollms_advanced.py, where the sanitize_path function with allow_absolute_path=True enables reading arbitrary files and listing directories...
PT-2024-37482
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version 9.6 Description: An absolute path traversal issue exists, specifically in the "open file" endpoint of "lollms advanced.py". The sanitize path function with allow absolute path=True allows an attacker to access...
CVE-2024-3153
CVE-2024-3153 affects mintplex-labs/anything-llm. An uncontrolled resource consumption vulnerability exists in the upload file endpoint, enabling a denial of service by sending an invalid upload request. Documented impact is DOS with availability impact described; no official fix/version is provi...
CVE-2024-3153 Uncontrolled Resource Consumption in mintplex-labs/anything-llm
mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service DOS condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents...
PT-2024-33521 · Gradio App · Gradio
Name of the Vulnerable Software and Affected Versions: gradio-app/gradio version 4.25 Description: A local file inclusion issue exists due to improper input validation in the postprocess function within gradio/components/json component.py. This allows a user-controlled string to be parsed as JSON...
PT-2024-36068 · Unknown · Phpmybackuppro
Name of the Vulnerable Software and Affected Versions: PhpMyBackupPro version 2.3 Description: A vulnerability has been discovered that could allow an attacker to execute XSS through the "/phpmybackuppro/get file.php" API endpoint, using the view parameter. This could allow an attacker to create ...
CVE-2024-3194
A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...
CVE-2024-3194
A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...
CVE-2024-3194 MailCleaner Log File Endpoint cross site scripting
A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...
CVE-2024-3194 MailCleaner Log File Endpoint cross site scripting
A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...
CVE-2024-2604
A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit...
PT-2024-21287 · Sourcecodester · Sourcecodester File Manager App
Name of the Vulnerable Software and Affected Versions: SourceCodester File Manager App version 1.0 Description: A critical issue has been found in the SourceCodester File Manager App, affecting the /endpoint/update-file.php file. The manipulation of the file argument leads to unrestricted upload...
PT-2024-15455 · Youke365 · Youke365
Name of the Vulnerable Software and Affected Versions: Youke365 versions up to 1.5.3 Description: A critical issue has been found in Youke365, affecting an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the url argument leads to server-side request forgery...
Path Traversal
Gradio is vulnerable for Path Traversal. The vulnerability is due to improper file path validation within the /file endpoint. An attacker can access arbitrary files on the server by requesting a filepath starting with...
Gradio Path Traversal Vulnerability
Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. A path traversal vulnerability exists in Gradio versions prior to 4.11.0, which stems from a path traversal vulnerability in /file...