Remote Code Execution on click of <a> Link in markdown preview

Summary There is a vulnerability in Joplin-desktop that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML...

CVE-2024-52291 Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution

Craft is a content management system CMS. A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme e.g., file://file:////. This enables the attacker to specify sensitive folders as the file system, leading to potential file...

Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution

Summary A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme e.g., file://file:////. This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads,...

CVE-2024-0067

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...

Check Point Security Gateway Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Check Point Security Gateway Arbitrary File Read', 'Description' = %q This module leverages an unauthenticated arbitrary root file read...

CVE-2024-5598

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fmalocalfilesystem' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...

PT-2024-36632 · WordPress · Advanced File Manager

Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to, and including, 5.2.4 Description: The issue allows unauthenticated attackers to extract sensitive data, including backups or other sensitive information, if the files have been moved ...

Check Point Security Gateway Arbitrary File Read

This module leverages an unauthenticated arbitrary root file read vulnerability for Check Point Security Gateway appliances. When the IPSec VPN or Mobile Access blades are enabled on affected devices, traversal payloads can be used to read any files on the local file system. Password hashes read...

GHSA-J46Q-5PXX-8VMW Local File Inclusion in mlflow

A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...

CVE-2024-25724

In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to execute code with the affected service's privileges, compromise the service's integrity, leak...

CVE-2024-25724

The vulnerability CVE-2024-25724 affects RTI Connext® Professional versions 5.3.1 through 6.1.0, with a buffer overflow in XML parsing across Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service. The underlying issue allows an attacker to execute code with the privileg...

GHSA-MWC7-64WG-PGVJ NiceGUI allows potential access to local file system

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

BIT-GITLAB-2021-39913

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...

PT-2024-13248 · Opentext · Opentext Appbuilder

Name of the Vulnerable Software and Affected Versions: OpenText AppBuilder versions 21.2 through 23.2 Description: The issue is related to improper input validation, allowing an authenticated user with database creation or management privileges to exploit the AppBuilder server. This exploitation...

Directory traversal

A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise o...

Audiobookshelf Path Traversal Vulnerability

Audiobookshelf is a self-hosted audiobook and podcast server from audiobookshelf open source. A path traversal vulnerability exists in Audiobookshelf 2.4.3 and earlier versions, which stems from the presence of a path traversal that allows any user to read files from the local file system,...

CVE-2023-5514

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...

Design/Logic Flaw

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...

CVE-2023-5514

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...

The vulnerability of the Windows Resilient File System, a local file system for Windows operating systems, allows attackers to enhance their privileges.

The vulnerability of the Windows Resilient File System, a local file system for Windows operating systems, is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...