3 matches found
GHSA-9CHM-M6X2-6FVC lollms vulnerable to path traversal due to unauthenticated root folder settings change
A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...
Rumpus FTP Web File Manager Cross-Site Request Forgery Vulnerability (CNVD-2020-04662)
Rumpus FTP Web File Manager is a file transfer server. A cross-site request forgery vulnerability exists in the folder settings feature of Web File Manager in Rumpus FTP version 8.2.9.1. The vulnerability stems from the WEB application not adequately verifying that requests are coming from a...
Cybozu Garoon Operation Limit Bypass Vulnerability
Cybozu Garoon is an office software with Chinese, Japanese, and English languages. An operation restriction bypass vulnerability exists in "Folder Settings" in Cybozu Garoon 3.0.0 through 4.2.6. The vulnerability can be exploited by a user with administrative privileges for one or more folders to...