330 matches found
Path Traversal
agnai is vulnerable to Path Traversal. The vulnerability is due to improper input validation in JSON file handling, allowing attackers to read arbitrary JSON files at attacker-chosen locations on the server. This can lead to unauthorized access to sensitive information exposure...
CVE-2024-47170
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information an...
CVE-2024-47170 Agnai File Disclosure Vulnerability: JSON via Path Traversal
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information an...
CVE-2024-6255
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and ds_config_chatbot.json. This issue arises due to improper validation of file paths, enabling...
CVE-2024-6255 Path Traversal in gaizhenbiao/chuanhuchatgpt
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and ds_config_chatbot.json. This issue arises due to improper validation of file paths, enabling...
CVE-2024-6255
GAIZHENBIAO/CHUANHUCHATGPT 20240410 suffers a directory-traversal vulnerability in its JSON file handling, enabling deletion of arbitrary server JSON files (e.g., config.json, ds_config_chatbot.json). Root cause: improper validation of file paths. Impact: potential disruption of the system, manip...
CVE-2024-6828
The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can ...
CVE-2024-6828 Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting
The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can ...
CVE-2024-6828
CVE-2024-6828 (Redux Framework, WordPress): The Redux Framework plugin versions 4.4.12–4.4.17 are vulnerable to unauthenticated JSON file uploads due to missing authorization/capability checks in the Redux_Color_Scheme_Import function, enabling stored XSS and, in rare cases when wp_filesystem fai...
Photon OS 4.0: Json PHSA-2023-4.0-0462
An update of the json package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0462. The text itself is copyright (C) VMware, Inc...
AZL-43543 CVE-2024-38517 affecting package opencc 1.1.1-3
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...
Exploit for CVE-2024-37742
CVE-2024-37742: Clipboard Exploit in SEB ≤ 3.5.0 Windows Thi...
CVE-2024-25975
The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is...
CVE-2024-25975
CVE-2024-25975 affects the HAWKI application (Interaction Design Team, University of Applied Sciences) and is tied to a path-traversal in the up/downvote feature. The POST parameters are not properly filtered, allowing an authenticated attacker to write arbitrary files on the server by supplying ...
CVE-2024-25975 Arbitrary File Overwrite
The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is...
PT-2024-21249 · Interaction Design Team At The University Of Applied Sciences Arts In Hildesheim/Germany +2 · Hawki
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns an application's up- and downvote function, which modifies a value in a JSON file. Due to improper filtering of POST parameters, an...
SUSE-SU-2024:1775-1 Security update for libfastjson
This update for libfastjson fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write via a large JSON file (bsc#1171479)...