7281 matches found

Huntr
added 2024/11/11 6:04 a.m. | 6 views

Path traversal, leading to arbitrary file write, leading to remote code execution

Description: AnythingLLM uses the multer library to handle HTTP multi-part file uploads. AnythingLLM uses the following code to handle non-ASCII file names: file.originalname = Buffer.from(file.originalname, "latin1").toString("utf8"); This way of manipulating the filename will lead to path traversal. multer...

CVSS 7.2 | AI score 7.6 | EPSS 0.19777
Exploits: 1
Huntr
added 2024/11/08 6:21 a.m. | 4 views

multer (file upload middleware in Express) misused, leading to remote code execution

Description: LibreChat uses multer to handle multi-part file uploads. The multer library will deal with '../'-style path traversal, then lets the programmer decide the actual filename, then joins the path to write the uploaded file. This means that if '../' is provided by a user of LibreChat, multer wil...

CVSS 8.8 | AI score 9.2 | EPSS 0.01622
Exploits: 1
OSV
added 2024/11/05 10:20 a.m. | 1 view

CVE-2024-47253

In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege...

CVSS 7.2 | AI score 6.1 | EPSS 0.00934
Exploits: 0 | References: 1
SUSE CVE
added 2024/11/02 3:49 a.m. | 1 view

SUSE CVE-2024-49380

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

CVSS 7.5 | AI score 7.2 | EPSS 0.02763
Exploits: 1 | References: 5
BDU FSTEC
added 2024/11/01 12:00 a.m. | 5 views

A vulnerability in the GetConfPath() function of the Nginx UI server's user interface allows an attacker to write arbitrary files.

The vulnerability in the GetConfPath() function of the Nginx UI server's user interface is related to improper handling of JSON fields, resulting in incorrect values being retrieved without proper validation. The issue arises from a faulty restriction of the path to the restricted directory...

CVSS 7.8 | AI score 5.6 | EPSS 0.00579
Exploits: 1 | References: 3 | Affected software: 1
GitHub Security Blog
added 2024/10/31 9:48 p.m. | 22 views

Plenti arbitrary file write vulnerability

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

CVSS 9.3 | AI score 7.4 | EPSS 0.02763
Exploits: 1 | References: 5 | Affected software: 1
OSV
added 2024/10/31 9:48 p.m. | 8 views

GHSA-2P96-P7QH-4RGR Plenti arbitrary file write vulnerability

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

CVSS 9.3 | AI score 9.5 | EPSS 0.02763
Exploits: 1 | References: 5
BDU FSTEC
added 2024/10/30 12:00 a.m. | 5 views

A vulnerability in the Splunk Enterprise operational analytics platform lies in the improper limitation of a pathname to a restricted directory, allowing a malicious user to write any file into the root directory of the Windows system.

The vulnerability in the Splunk Enterprise operational analytics platform relates to an improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to write any file into the root directory of the Windows system...

CVSS 8 | AI score 5.5 | EPSS 0.00535
Exploits: 0 | References: 5 | Affected software: 1
NVD
added 2024/10/29 1:15 p.m. | 29 views

CVE-2024-6868

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

CVSS 9.8 | EPSS 0.01501
Exploits: 1 | References: 2
OSV
added 2024/10/29 1:15 p.m. | 12 views

CVE-2024-6868

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

CVSS 9.8 | AI score 7.9
Exploits: 0 | References: 2
OSV
added 2024/10/29 1:15 p.m. | 8 views

PYSEC-2024-111

A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...

CVSS 9.1 | AI score 5.9
Exploits: 0 | References: 2
Vulnrichment
added 2024/10/29 12:46 p.m. | 16 views

CVE-2024-6868 Arbitrary File Write in mudler/LocalAI

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

CVSS 8.1 | AI score 8.2 | EPSS 0.01501
Exploits: 1 | References: 2
Cvelist
added 2024/10/29 12:46 p.m. | 24 views

CVE-2024-6868 Arbitrary File Write in mudler/LocalAI

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

CVSS 8.1 | EPSS 0.01501
Exploits: 1 | References: 2
CVE
added 2024/10/29 12:46 p.m. | 53 views

CVE-2024-6868

CVE-2024-6868 affects mudler/LocalAI (version 2.17.1). The issue is improper handling of automatic archive extraction when model configurations specify archives (for example, .tar), causing archives to be extracted after download and enabling a potentially destructive "tarslip" that can write fil...

CVSS 9.8 | AI score 8.5 | EPSS 0.01501
Exploits: 1 | References: 2 | Affected software: 1
CVE
added 2024/10/28 4:57 p.m. | 71 views

CVE-2024-49771

CVE-2024-49771 affects the MPXJ library (used to read/write project plans). The issue is a path traversal vulnerability in the ZIP stream handling (InputStreamHelper/Packwood MPXJ code) that could allow writing files to arbitrary locations. It is addressed in MPXJ version 13.5.1. No exploitation ...

CVSS 5.3 | AI score 5.1 | EPSS 0.00464
Exploits: 0 | References: 2
OSV
added 2024/10/28 3:20 p.m. | 12 views

GO-2024-3213 Plenti arbitrary file write vulnerability in github.com/plentico/plenti

Plenti arbitrary file write vulnerability in github.com/plentico/plenti...

CVSS 9.3 | AI score 9.4 | EPSS 0.02763
Exploits: 1 | References: 4
CNNVD
added 2024/10/28 12:00 a.m. | 4 views

MPXJ Path Traversal Vulnerability

MPXJ is an open source library by Jon Iles (personal developer). It is used to read and write project plans from various file formats and databases. MPXJ suffers from a path traversal vulnerability that stems from allowing an attacker to construct malicious paths to write files to arbitrary locatio...

CVSS 5.3 | AI score 7.4 | EPSS 0.00464
Exploits: 0 | References: 3
NVD
added 2024/10/25 2:15 p.m. | 19 views

CVE-2024-49380

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

CVSS 9.3 | EPSS 0.02763
Exploits: 1 | References: 3
Cvelist
added 2024/10/25 1:04 p.m. | 18 views

CVE-2024-49380 Plenti arbitrary file write vulnerability

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

CVSS 9.3 | EPSS 0.02763
Exploits: 1 | References: 3
Vulnrichment
added 2024/10/25 1:04 p.m. | 15 views

CVE-2024-49380 Plenti arbitrary file write vulnerability

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

CVSS 9.3 | AI score 7.5 | EPSS 0.02763
Exploits: 1 | References: 3