233 matches found

CVE
added 2024/08/20 3:21 a.m. | 57 views

CVE-2024-7777

CVE-2024-7777 affects WordPress Bit Form plugin (2.0–2.13.9). Insufficient file-path validation in multiple functions allows authenticated Administrators+ to read and delete arbitrary server files (e.g., wp-config.php), potentially enabling remote code execution. Patch available in version 2.13.1...

CVSS 9 | AI score 9.2 | EPSS 0.04032
Exploits 0 | References 5 | Affected Software 1

CNNVD
added 2024/08/20 12:0 a.m. | 1 views

WordPress plugin Contact Form by Bit Form security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...

CVSS 8.7 | AI score 6.6 | EPSS 0.10105
Exploits 0 | References 3

CNNVD
added 2024/07/31 12:0 a.m. | 3 views

ChuanhuChatGPT security vulnerability

ChuanhuChatGPT is an application by the individual developer Chuan Hu. It provides a fast and easy-to-use web graphical interface and many additional features for many LLMs such as ChatGPT. A security vulnerability exists in ChuanhuChatGPT version 20240410, which stems from improper file path...

CVSS 9.1 | AI score 6.5 | EPSS 0.06602
Exploits 1 | References 2

Zero Day Initiative
added 2024/07/26 12:0 a.m. | 11 views

Docker Desktop Daemon CLI External Control of File Path Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 6.1 | AI score 6.6 | EPSS 0.00073
Exploits 0 | References 1

NVD
added 2024/07/23 2:15 a.m. | 9 views

CVE-2024-6885

The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maxiremovecustomimagesize and maxiaddcustomimagesize functions in all versions up to, and including, 1.9.2. This makes ...

CVSS 8.1 | EPSS 0.0787
Exploits 0 | References 4

Ubuntu
added 2024/07/11 10:41 a.m. | 40 views

USN-6888-2: Django vulnerabilities

USN-6888-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this...

CVSS 7.5 | AI score 6.8 | EPSS 0.06838
Exploits 1

Tenable Nessus
added 2024/07/11 12:0 a.m. | 32 views

Ubuntu 18.04 LTS : Django vulnerabilities (USN-6888-2)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6888-2 advisory. USN-6888-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Tenable has extracted the precedi...

CVSS 7.5 | AI score 6.5 | EPSS 0.06838
Exploits 1 | References 5

OpenVAS
added 2024/07/10 12:0 a.m. | 25 views

Ubuntu: Security Advisory (USN-6888-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.5 | EPSS 0.06838
Exploits 1 | References 2

Tenable Nessus
added 2024/07/10 12:0 a.m. | 31 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Django vulnerabilities (USN-6888-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6888-1 advisory. Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attack...

CVSS 7.5 | AI score 6.7 | EPSS 0.06838
Exploits 1 | References 5

AlpineLinux
added 2024/07/10 12:0 a.m. | 15 views

CVE-2024-39330

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...

CVSS 4.3 | AI score 6.9 | EPSS 0.00186
Exploits 0

OSV
added 2024/06/06 7:15 p.m. | 19 views

CVE-2024-2548

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the lollmscore/lollms/server/endpoints/lollmsbindingfilesserver.py and lollmscore/lollms/security.py files. Due to inadequate validation of file paths between Windows and Linux environments using...

CVSS 7.5 | AI score 6.8
Exploits 0 | References 2

WPVulnDB
added 2024/04/10 12:0 a.m. | 17 views

WP Poll Maker < 3.4 - Authenticated (Subscriber+) Arbitrary File Deletion

The WP Poll Maker – Best WordPress Poll Plugin for Voting Contest plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the itepollthemeactionuninstall function and insufficient file path validation in all versions up to, and including, 3.1...

CVSS 8.1 | AI score 7.5 | EPSS 0.00309
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2024/04/10 12:0 a.m. | 1 views

LoLLMs path traversal vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A path traversal vulnerability exists in LoLLMs lollms-webui that stems from insufficient validation of user-supplied file paths...

CVSS 9.8 | AI score 9.4 | EPSS 0.00415
Exploits 1 | References 2

Vulnrichment
added 2024/03/07 12:0 a.m. | 18 views

CVE-2024-28222

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file...

CVSS 9.8 | AI score 7.2 | EPSS 0.01413
Exploits 0 | References 1

Cvelist
added 2024/03/07 12:0 a.m. | 20 views

CVE-2024-28222

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file...

CVSS 9.8 | AI score 9.7 | EPSS 0.01413
Exploits 0 | References 1

Veracode
added 2024/02/07 5:52 a.m. | 20 views

Path Traversal

clearml is vulnerable to Path Traversal. The vulnerability is due to a lack of file path validation, which allows an attacker to craft a malicious dataset which writes files to arbitrary locations on the system...

CVSS 8.8 | AI score 6.8 | EPSS 0.00529
Exploits 1 | References 3 | Affected Software 1

Veracode
added 2024/02/03 3:1 a.m. | 21 views

Path Traversal

Atril is vulnerable to Path Traversal. The vulnerability is due to improper file path validation. The attacker can write arbitrary files anywhere on the filesystem to which the user opening a crafted document has access...

CVSS 8.5 | AI score 6.8 | EPSS 0.13707
Exploits 2 | References 5 | Affected Software 1

OSV
added 2023/12/26 7:15 p.m. | 2 views

CVE-2023-5672

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files...

CVSS 6.5 | AI score 5.9 | EPSS 0.00314
Exploits 2 | References 1

NVD
added 2023/12/26 7:15 p.m. | 9 views

CVE-2023-5672

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files...

CVSS 6.5 | EPSS 0.00314
Exploits 2 | References 1

CVE
added 2023/12/26 6:33 p.m. | 77 views

CVE-2023-5991

CVE-2023-5991 affects the Hotel Booking Lite WordPress plugin prior to 4.8.5. The issue arises from the plugin not validating user-supplied file paths and lacking proper CSRF/authorization checks, enabling unauthenticated attackers to download and delete arbitrary server files. Remediation is to ...

CVSS 9.8 | AI score 9.7 | EPSS 0.78319
Exploits 2 | References 1 | Affected Software 1