671 matches found
jenkins-2-plugins: git-server plugin arbitrary file read vulnerability
A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system...
PYSEC-2024-267
A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker c...
Exploit for Path Traversal in Gradio_Project Gradio
CVE-2024-1561 Nuclei Template This Nuclei template is designe...
CVE-2024-4545 EDB Postgres Advanced Server (EPAS) authenticated file read permissions bypass using edbldr
All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass the role permissions granted by pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access...
CVE-2024-25533
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website /WorkFlow/OfficeFileUpdate.aspx. This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements...
CVE-2024-25533
CVE-2024-25533 affects RuvarOA v6.01–v12.01. Error messages disclose the server path at /WorkFlow/OfficeFileUpdate.aspx and, per multiple sources, allow writing files or executing arbitrary SQL via crafted statements due to insufficient input validation. Affected versions: 6.01–12.01. Root cause ...
CVE-2024-28890
Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS)...
Mlflow Path Traversal Vulnerability (CNVD-2024-35608)
Mlflow is an open source platform for the machine learning lifecycle. Mlflow version 2.9.2 suffers from a path traversal vulnerability that stems from insufficient validation of user-supplied input. An attacker exploiting this vulnerability could access arbitrary files on the server...
Exploit for CVE-2024-32258
Overview - CVE ID: CVE-2024-32258 https://vulners.com/...
PT-2024-18129 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow affected versions not specified Description: A path traversal issue exists due to improper validation of the source parameter in the create model version function. This allows attackers to bypass checks by the validate non local...
CrushFTP Remote Code Execution Exploit
This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability CVE-2023-43177 to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session...
PT-2024-18157 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow affected versions not specified Description: A path traversal issue exists in the handling of the artifact location parameter when creating an experiment. Attackers can exploit this by using a fragment component in the artifact...
Oracle JavaServer Faces Path Traversal Vulnerability
Oracle JavaServer Faces is a user interface framework on Oracle's Java platform for building Web-based user interface components and applications. A path traversal vulnerability exists in Oracle JavaServer Faces (JSF) version 2.2.20 that originates from allowing access to arbitrary files in the...
PaperCut NG Security Vulnerability
PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability exists in PaperCut NG/MF that stems from a vulnerability that allows an attacker to expose files on the server to affected API endpoints via a payload...
Wings Security Breach
Wings is the server control interface for Pterodactyl Panel. A security vulnerability exists in versions of Wings prior to 1.11.9 that stems from a symbolic link contention in the server file system, which can be exploited by an attacker to access files and directories on the host system...
CVE-2023-4552
Improper Input Validation vulnerability in OpenText AppBuilder on Windows and Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server, including access to its local file system. This...
PT-2024-14333 · Actidata · Actinas Sl 2U-8 Rdx
Name of the Vulnerable Software and Affected Versions: actidata actiNAS SL 2U-8 RDX version 3.2.03-SP1 Description: The issue is related to improper access control on the nasSvr.php file, allowing remote attackers to read and modify different types of data without authentication. Recommendations:...
GHSA-8QW9-GF7W-42X5 Minor fix to previous patch for CVE-2022-35918
Impact The initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific condition...