707 matches found
CVE-2024-55657 SiYuan has an arbitrary file read via /api/template/render
SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16...
CVE-2024-55657
CVE-2024-55657 affects Siyuan prior to version 3.1.16, where an arbitrary file read vulnerability exists in the /api/template/render endpoint due to insufficient path validation. The issue allows reading sensitive host files and is mitigated by upgrading to version 3.1.16, which includes a patch....
GHSA-XX68-37V4-4596 SiYuan has an arbitrary file read via /api/template/render
Summary: An arbitrary file read vulnerability exists in Siyuan's /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Impact: Arbitrary file read on the host...
SiYuan has an arbitrary file read via /api/template/render
Summary: An arbitrary file read vulnerability exists in Siyuan's /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Impact: Arbitrary file read on the host...
PT-2024-36571 · Siyuan · Siyuan
Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.1.16 Description: An arbitrary file read issue exists due to the absence of proper validation on the path parameter in the "/api/template/render" endpoint. This allows attackers to access sensitive files on the host...
D-Link DI-8003 command injection vulnerability
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A command injection vulnerability exists in the D-Link DI-8003 version 16.07.16A1, which stems from the path parameter in the file /upgradefilter.asp failing to correctly filter command-construction special characters, commands, et...
PT-2024-34882 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.5.0 Description: The issue allows an attacker with access to the application to abuse File or UploadButton components and read arbitrary files from the application server. This is possible because the client utils.i...
CVE-2024-49359
CVE-2024-49359 affects ZimaOS (fork of CasaOS) prior to or including version 1.2.4. The vulnerability is a directory traversal in the API endpoint /v2_1/file, exploitable by an authenticated user who can manipulate the path parameter to list arbitrary directories (e.g., /etc) on the server. The r...
CVE-2024-44413
A vulnerability was discovered in DI8200-16.07.26A1, which has been classified as critical. This issue affects the upgradefilterasp function in the upgradefilter.asp file. Manipulation of the path parameter can lead to command injection...
CVE-2024-44413
CVE-2024-44413 describes a critical command-injection flaw in the D-Link DI_8200 family (example: DI_8200-16.07.26A1). The issue arises in the upgrade_filter_asp function inside upgrade_filter.asp where manipulating the path parameter can lead to arbitrary command execution. Connected sources con...
D-Link DI_8200 security vulnerability
The D-Link DI8200 is an enterprise router from China's AUO D-Link. The D-Link DI8200 suffers from a command injection vulnerability that originates from manipulation of the parameter path in the file upgradefilter.asp. No details of the vulnerability are provided at this time...
CVE-2024-44414
CVE-2024-44414 affects WayOS FBM_292W with firmware 21.03.10V. The vulnerability is in the sub_4901E0 function of msp_info.htm where manipulation of the path parameter can lead to command injection. The CVSSv3.1 base score is 8.8 (High) with network attack vector, low complexity, and privileges r...
PT-2024-31147 · Di 8200 · Di 8200
Name of the Vulnerable Software and Affected Versions: DI 8200 version 16.07.26A1 Description: A critical issue has been discovered, affecting the upgrade filter asp function in the upgrade filter.asp file. Manipulation of the path parameter can lead to command injection. Recommendations: For DI...
EsafeNet CDG SQL injection vulnerability
EsafeNet CDG is a document security management system from EsafeNet. A SQL injection vulnerability exists in ESAFENET CDG V5, which originates from the fileId parameter of file/MultiServerBackService?path=1 that can lead to SQL injection...
VulnCheck KEV: CVE-2023-6023
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifactpath URL parameter...
CVE-2024-44400
A vulnerability was discovered in DI8400-16.07.26A1, which has been classified as critical. This issue affects the upgradefilterasp function in the upgradefilter.asp file. Manipulation of the path parameter can lead to command injection...
PT-2024-6373 · D Link · D-Link Di-8400
Name of the Vulnerable Software and Affected Versions: D-Link DI-8400 version 16.07.26A1 Description: A critical issue has been discovered, affecting the upgrade filter asp function in the upgrade filter.asp file. This issue allows for command injection through manipulation of the path parameter...
PT-2024-7881 · D Link · D-Link Di-8003
Name of the Vulnerable Software and Affected Versions: D-Link DI-8003 version 16.07.16A1 Description: A critical issue has been identified, affecting the function upgrade filter asp of the file /upgrade filter.asp. The manipulation of the argument path leads to os command injection. This issue ca...
CVE-2024-40422
The snapshotpath parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshotpath parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized...