
8789 matches found

Positive Technologies
added 2024/04/12 12:0 a.m. · 6 views

PT-2024-25255 · Tiagorlampert · Chaos

Name of the Vulnerable Software and Affected Versions:
tiagorlampert CHAOS versions before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e
tiagorlampert CHAOS version v5.0.1

Description: The issue allows a remote attacker to execute arbitrary code via the...

9.8 CVSS · 8.4 AI score · 0.80454 EPSS
Exploits: 6 · References: 16

OSV
added 2024/04/10 5:15 p.m. · 23 views

CVE-2024-3025

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can...

9.9 CVSS · 6.7 AI score
Exploits: 0 · References: 2

CVE
added 2024/04/10 5:7 p.m. · 112 views

CVE-2024-3025

The CVE-2024-3025 entry affects mintplex-labs/anything-llm, where the logo filename handling allows path traversal due to insufficient input validation. Attackers can reference files outside the restricted directory via the logo upload endpoint, exposing the application’s database and potentially...

9.9 CVSS · 9.2 AI score · 0.01 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2024/04/10 5:7 p.m. · 26 views

CVE-2024-3025 Path Traversal in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can...

9.9 CVSS · 9.6 AI score · 0.01 EPSS
Exploits: 1 · References: 2

CNNVD
added 2024/04/10 12:0 a.m. · 2 views

AnythingLLM security vulnerability

AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from insufficient validation of user-supplied input in the logo filename feature, which could lead to a path traversal attack...

9.9 CVSS · 9.1 AI score · 0.01 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2024/04/10 12:0 a.m. · 3 views

PT-2024-23297 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions:
mintplex-labs/anything-llm (affected versions not specified)

Description: The issue is related to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this by...

9.9 CVSS · 9.2 AI score · 0.01 EPSS
Exploits: 1 · References: 6

CNNVD
added 2024/04/10 12:0 a.m. · 2 views

localai operating system command injection vulnerability

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. localai suffers from an operating system command injection vulnerability that stems from failure to sanitize a user-supplied filename before passing it to ffmpeg via a shell command, allowing an...

9.8 CVSS · 9.7 AI score · 0.02879 EPSS
Exploits: 1 · References: 3

NVD
added 2024/04/08 1:15 p.m. · 9 views

CVE-2024-31809

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function...

8.8 CVSS · 7.9 AI score · 0.00979 EPSS
Exploits: 1 · References: 1

Patchstack
added 2024/04/08 4:56 a.m. · 1 views

WordPress ARMember plugin <= 4.0.27 - Directory Traversal via X-FILENAME vulnerability

Directory Traversal via X-FILENAME vulnerability discovered by Lucio Sá in WordPress Plugin ARMember versions <= 4.0.27...

7 AI score
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/04/08 12:0 a.m. · 12 views

CVE-2024-31809

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function...

8.2 AI score · 0.00979 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2024/04/08 12:0 a.m. · 11 views

CVE-2024-31809

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function...

8.5 AI score · 0.00979 EPSS
Exploits: 1 · References: 1

OSV
added 2024/04/05 8:15 a.m. · 2 views

CVE-2024-30849

Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/productsphoto.php...

9.8 CVSS · 6.1 AI score · 0.01116 EPSS
Exploits: 1 · References: 1

NVD
added 2024/04/04 2:15 a.m. · 16 views

CVE-2024-3022

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to...

7.2 CVSS · 7.3 AI score · 0.01563 EPSS
Exploits: 1 · References: 3

OSV
added 2024/04/04 2:15 a.m. · 1 views

CVE-2024-3022

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to...

7.2 CVSS · 6.2 AI score
Exploits: 0 · References: 3

Vulnrichment
added 2024/04/04 1:56 a.m. · 15 views

CVE-2024-3022 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to...

7.2 CVSS · 7.6 AI score · 0.01563 EPSS
Exploits: 1 · References: 3

CVE
added 2024/04/04 1:56 a.m. · 73 views

CVE-2024-3022

BookingPress for WordPress (all versions

7.2 CVSS · 9.6 AI score · 0.01563 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2024/04/04 1:56 a.m. · 24 views

CVE-2024-3022 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to...

7.2 CVSS · 7.5 AI score · 0.01563 EPSS
Exploits: 1 · References: 3

CNNVD
added 2024/04/04 12:0 a.m. · 4 views

WordPress Plugin BookingPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...

7.2 CVSS · 8.6 AI score · 0.01563 EPSS
Exploits: 1 · References: 4

CNNVD
added 2024/04/03 12:0 a.m. · 2 views

OpenSSH security vulnerability

OpenSSH (OpenBSD Secure Shell) is a set of connection tools for secure access to remote computers from the Canadian OpenBSD Project Group. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection...

5.3 CVSS · 6.5 AI score · 0.00411 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/03 12:0 a.m. · 4 views

PT-2024-24217 · Totolink · Totolink Ex200

Name of the Vulnerable Software and Affected Versions:
TOTOLINK EX200 version 4.0.3c.7646 B20201211

Description: A remote code execution issue was discovered, allowing exploitation via the FileName parameter in the setUpgradeFW function. This enables unauthorized code execution, potentially leadi...

8.8 CVSS · 8 AI score · 0.00979 EPSS
Exploits: 1 · References: 7