7273 matches found
Path Traversal
mlflow is vulnerable to Arbitrary File Write. The vulnerability exists due to the lack of URL path sanitization in the load function of httpdatasetsource.py, allowing an attacker to access files outside the expected directory and download arbitrary files through a malicious URL when loading datase...
Mlflow Path Traversal Vulnerability
Mlflow is an open source platform for machine learning lifecycles. A path traversal vulnerability exists in Mlflow versions prior to 2.9.2, which stems from the ability to write arbitrary files while loading a dataset...
CVE-2023-46455
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...
Limited File Write
MindsDB is vulnerable to Limited File Write. The vulnerability arises because a put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used to construct a temporary file name. This allows writing files anywhere on the server leading...
GL.iNet GL-AR300M Security Vulnerability
GL.iNet GL-AR300M is a modern mini smart router from China's GL.iNet. A security vulnerability exists in the GL.iNET GL-AR300M v4.3.7, which stems from the presence of a path traversal vulnerability that allows an attacker to write arbitrary files via the file upload function of the OpenVPN clien...
CVE-2023-49796
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue...
PYSEC-2023-278
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue...
Design/Logic Flaw
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue...
CVE-2023-49796 MindsDB Arbitrary File Write vulnerability
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue...
CVE-2023-49796
CVE-2023-49796 affects MindsDB prior to 23.11.4.1, where the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-supplied name, enabling arbitrary file writes via path injection. Public sources corroborate a limited file write vulnerability in file.py. Affected ve...
MindsDB Input Validation Error Vulnerability
MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. An input validation error vulnerability exists in MindsDB versions prior to 23.11.4.1, which stems from the presence of a limited file write in file.py...
NCP Engineering Secure Enterprise Client Security Vulnerability
NCP engineering Secure Enterprise Client is a VPN (Virtual Private Network) client application from the German company NCP engineering. A security vulnerability exists in NCP engineering Secure Enterprise Client versions prior to 12.22, which stems from the presence of insecure file...
Directory Traversal
Amendment: This was deemed not a vulnerability. Overview: cross-zip is a cross-platform .zip file creation package. Affected versions of this package are vulnerable to Directory Traversal via consecutive usage of zipSync and unzipSync functions that allow arguments such as dirname. An attacker can access...
PT-2023-30033 · Gl.Inet · Gl-Ar300M
Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 4.3.7. Description: The issue allows an attacker to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. This can potentially lead to unauthorized access and...
CVE-2023-46690
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write any file to any location on the filesystem, which could lead to remote code execution...
CVE-2023-46690
CVE-2023-46690 affects Delta Electronics InfraSuite Device Master (version 1.0.7 and earlier). The vulnerability is a path traversal flaw in the device master that allows an attacker to write to arbitrary files anywhere on the filesystem, potentially enabling remote code execution. Related adviso...
Delta Electronics InfraSuite Device Master Security Vulnerability
Delta Electronics InfraSuite Device Master is a device used to simplify and automate the monitoring of critical equipment from Delta Electronics Taiwan, China. A security vulnerability exists in Delta Electronics InfraSuite Device Master v.1.0.7 and prior versions, which originated from a...