7281 matches found
Path traversal, lead to arbitrary file write, lead to remote code execution
Description Anythingllm use multer library to handle http multi-part file upload. Anything llm use the following code to handle non-ascii file name file.originalname = Buffer.fromfile.originalname, "latin1".toString "utf8" ; This way of manipulating filename is will lead to path traversal. multer...
multer(file upload middleware in express) misused, lead to remote code execution
Description Librechat use multer to handle multi-part file upload. multer library will deal with '../' kind of path traversal, then let the programmer decide the actual filename, then join the path to write the upload the file. this means, if '../' is provided by the user of librechat, multer wil...
CVE-2024-47253
In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege...
SUSE CVE-2024-49380
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...
The vulnerability of the GetConfPath() function in the Nginx UI server’s user interface allows a hacker to write arbitrary files.
The vulnerability of the GetConfPath function in the Nginx UI server’s user interface is related to the improper handling of JSON fields, resulting in incorrect values being retrieved without proper validation. This issue arises due to a faulty restriction on the path to the restricted directory...
Plenti arbitrary file write vulnerability
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...
GHSA-2P96-P7QH-4RGR Plenti arbitrary file write vulnerability
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...
The vulnerability of the Splunk Enterprise operating analysis platform lies in the incorrect limitation of the path name to the restricted access directory, allowing a malicious user to write any file into the root directory of the Windows system.
The vulnerability of the Splunk Enterprise operating platform relates to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to write any file into the root directory of the Windows system...
CVE-2024-6868
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...
CVE-2024-6868
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...
PYSEC-2024-111
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
CVE-2024-6868 Arbitrary File Write in mudler/LocalAI
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...
CVE-2024-6868 Arbitrary File Write in mudler/LocalAI
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...
CVE-2024-6868
CVE-2024-6868 affects mudler/LocalAI (version 2.17.1). The issue is improper handling of automatic archive extraction when model configurations specify archives (for example, .tar), causing archives to be extracted after download and enabling a potentially destructive “tarslip” that can write fil...
CVE-2024-49771
CVE-2024-49771 affects the MPXJ library (used to read/write project plans). The issue is a path traversal vulnerability in the ZIP stream handling (InputStreamHelper/Packwood MPXJ code) that could allow writing files to arbitrary locations. It is addressed in MPXJ version 13.5.1. No exploitation ...
GO-2024-3213 Plenti arbitrary file write vulnerability in github.com/plentico/plenti
Plenti arbitrary file write vulnerability in github.com/plentico/plenti...
MPXJ 路径遍历漏洞
MPXJ is an open source library by Jon Iles Personal Developer. It is used to read and write project plans from various file formats and databases. MPXJ suffers from a path traversal vulnerability that stems from allowing an attacker to construct malicious paths to write files to arbitrary locatio...
CVE-2024-49380
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...
CVE-2024-49380 Plenti arbitrary file write vulnerability
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...
CVE-2024-49380 Plenti arbitrary file write vulnerability
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...