
686 matches found

GithubExploit
added 2024/04/18 5:7 p.m. · 79 views

Exploit for CVE-2024-32258

Overview - CVE ID: CVE-2024-32258 https://vulners.com/...

CVSS 8.8 · AI score 7.8 · EPSS 0.55746
Exploits: 1

BDU FSTEC
added 2024/04/16 12:0 a.m. · 1 view

The vulnerability of the Dell Unity Operating Environment’s operating system for managing and maintaining data storage allows a malicious actor to gain unauthorized access to files stored in the server’s file system, with elevated privileges. This vulnerability is related to errors in processing the relative path to the directory, enabling unauthorized access to these files.

The vulnerability of the operating environment for managing and maintaining Dell Unity Operating Environment OE storage involves errors in processing the relative path to the directory. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to write...

CVSS 6.8 · AI score 6.6 · EPSS 0.00279
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/04/15 12:0 a.m. · 2 views

PT-2024-18129 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow affected versions not specified Description: A path traversal issue exists due to improper validation of the source parameter in the create model version function. This allows attackers to bypass checks by the validate non local...

CVSS 7.5 · AI score 7.5 · EPSS 0.0009
Exploits: 1 · References: 8

Positive Technologies
added 2024/04/15 12:0 a.m. · 3 views

PT-2024-18157 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow affected versions not specified Description: A path traversal issue exists in the handling of the artifact location parameter when creating an experiment. Attackers can exploit this by using a fragment component in the artifact...

CVSS 7.5 · AI score 7.6 · EPSS 0.00205
Exploits: 1 · References: 10

0day.today
added 2024/04/15 12:0 a.m. · 381 views

CrushFTP Remote Code Execution Exploit

This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability CVE-2023-43177 to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session...

CVSS 9.8 · AI score 10 · EPSS 0.76055
Exploits: 7

CNNVD
added 2024/03/22 12:0 a.m. · 2 views

Oracle JavaServer Faces Path Traversal Vulnerability

Oracle JavaServer Faces is a user interface framework on Oracle's Java platform for building Web-based user interface components and applications. A path traversal vulnerability exists in Oracle JavaServer Faces JSF version 2.2.20 that originates from allowing access to arbitrary files in the...

CVSS 10 · AI score 6.8 · EPSS 0.00609
Exploits: 0 · References: 2

CNNVD
added 2024/03/14 12:0 a.m. · 2 views

PaperCut NG Security Vulnerability

PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability exists in PaperCut NG/MF that stems from a vulnerability that allows an attacker to expose files on the server to affected API endpoints via a payload...

CVSS 3.1 · AI score 6.8 · EPSS 0.00749
Exploits: 0 · References: 2

CNNVD
added 2024/03/13 12:0 a.m. · 3 views

Wings Security Breach

Wings is the server control interface for Pterodactyl Panel. A security vulnerability exists in versions of Wings prior to 1.11.9 that stems from a symbolic link contention in the server file system, which can be exploited by an attacker to access files and directories on the host system...

CVSS 9.9 · AI score 6.7 · EPSS 0.0076
Exploits: 0 · References: 3

OSV
added 2024/01/29 9:15 p.m. · 2 views

CVE-2023-4552

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system. This...

CVSS 7.1 · AI score 5.8
Exploits: 0 · References: 1

Positive Technologies
added 2024/01/19 12:0 a.m. · 4 views

PT-2024-14333 · Actidata · Actinas Sl 2U-8 Rdx

Name of the Vulnerable Software and Affected Versions: actidata actiNAS SL 2U-8 RDX version 3.2.03-SP1 Description: The issue is related to improper access control on the nasSvr.php file, allowing remote attackers to read and modify different types of data without authentication. Recommendations:...

CVSS 9.1 · AI score 9 · EPSS 0.00339
Exploits: 1 · References: 7

OSV
added 2024/01/12 5:35 p.m. · 28 views

GHSA-8QW9-GF7W-42X5 Minor fix to previous patch for CVE-2022-35918

Impact The initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific condition...

AI score 6.3
Exploits: 0 · References: 3

OSV
added 2024/01/03 2:15 p.m. · 2 views

CVE-2023-37607

Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter...

CVSS 7.5 · AI score 5.8 · EPSS 0.00269
Exploits: 4 · References: 4

CNNVD
added 2024/01/03 12:0 a.m. · 2 views

HCL Technologies DRYiCE MyXalytics Path Traversal Vulnerability

HCL Technologies DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE MyXalytics that stems from certain endpoints that allow a user to manipulate the path including filename where these files are...

CVSS 9.8 · AI score 6.7 · EPSS 0.00081
Exploits: 0 · References: 2

NVD
added 2023/12/26 7:15 p.m. · 14 views

CVE-2023-5991

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server...

CVSS 9.8 · EPSS 0.78319
Exploits: 2 · References: 1

PyPA
added 2023/12/13 10:15 a.m. · 4 views

PYSEC-2023-296

An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...

CVSS 8.3 · AI score 7 · EPSS 0.00047
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2023/12/13 10:15 a.m. · 1 view

PYSEC-2023-296

An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

Cvelist
added 2023/12/13 10:6 a.m. · 14 views

CVE-2023-6721 Improper Restriction of XML External Entity Reference in Repox

An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...

CVSS 8.3 · AI score 8.3 · EPSS 0.00047
Exploits: 0 · References: 1

Positive Technologies
added 2023/12/13 12:0 a.m. · 7 views

PT-2023-36081 · Repox · Repox

Name of the Vulnerable Software and Affected Versions: Repox affected versions not specified Description: A vulnerability has been found that allows a remote attacker to interfere with the application's XML data processing in the fileupload function. This results in interaction between the attack...

CVSS 7.5 · AI score 6.9
Exploits: 0 · References: 2

CNNVD
added 2023/12/13 12:0 a.m. · 2 views

Repox Security Vulnerability

Repox is a framework for managing data spaces from Repox. A security vulnerability exists in Repox 2.3.7 and earlier versions, which stems from the presence of a path traversal vulnerability. The vulnerability can be exploited by an attacker to read arbitrary files on the server, thereby disclosi...

CVSS 7.5 · AI score 6.6 · EPSS 0.00098
Exploits: 0 · References: 2

CNVD
added 2023/12/07 12:0 a.m. · 14 views

Dell DM5500 Path Traversal Vulnerability

The Dell DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. The Dell DM5500 suffers from a path traversal vulnerability that stems from a failure to properly filter special elements in the path of a...

CVSS 6.5 · AI score 6.6 · EPSS 0.017
Exploits: 0 · References: 1