PT-2024-38040 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui version 0.3.8 Description: An information disclosure issue exists related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different...

CVE-2023-46170

IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily read files after enumerating file names...

IBM DS8900F HMC 日志信息泄露漏洞

The IBM DS8900F HMC is an enterprise-class disk storage system from International Business Machines IBM for storing and managing large-scale enterprise data. The IBM DS8900F HMC suffers from a log information disclosure vulnerability that can be exploited by an attacker to view sensitive log...

OPSWAT MetaDefender Core 安全漏洞

OPSWAT MetaDefender Core OPSWAT MDCore is a multi-engine anti-malware software from OPSWAT, Inc. It prevents the upload of malicious files on web applications that bypass sandboxing and other detection-based security solutions. A security vulnerability exists in OPSWAT MetaDefender Core versions...

Factlink: File name/folder enumeration.

Hello, an attacker may be able to map your server and find configuration file names by the following method: Valid attempt Not found: https://staging.factlink.com/%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd Invalid attempt 404...

HackerOne: File Name Enumeration

Hi guys, I am kind of surprised no one hast reported this issue yet. or maybe they have and due to the severity it was never patched? An example of this behavior would be: https://hackerone.com//%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd which is a valid attempt even though we get an error...