890 matches found
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A path traversal vulnerability exists in JetBrains...
PT-2024-3947 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2022.04.7; JetBrains TeamCity versions prior to 2022.10.6; JetBrains TeamCity versions prior to 2023.05.6; JetBrains TeamCity versions prior to 2023.11.5; JetBrains TeamCity versions prior to 2024.03.2...
PT-2024-35096 · Opentext · Opentext Dimensions Rm
Name of the Vulnerable Software and Affected Versions: OpenText Dimensions RM (affected versions not specified). Description: The issue allows authenticated users to read files stored on the server via webservices, potentially leading to unauthorized access to sensitive information. Recommendations:...
WP Fastest Cache < 1.2.7 - Admin+ Arbitrary File Deletion
Description: The plugin for WordPress is vulnerable to Directory Traversal via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting...
WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal
Overview: WordPress Plugin "Download Plugins and Themes from Dashboard" provided by WPFactory LLC contains a path traversal vulnerability (CWE-22). Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to WPFactory LLC and coordinated. After the coordination was completed, th...
WordPress Plugin Download Plugins and Themes from WordPress Dashboard Security Vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Download Plugins and Themes from WordPress...
GHSA-3783-62VC-JR7X ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
ID: NFLX-2024-002. Impact: Authenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether full RCE is possible but it is unlikely. However, a specific flag allows authenticated users to read any...
ChuanhuChatGPT Input Validation Error Vulnerability
ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. An input validation error vulnerability exists in ChuanhuChatGPT version 20240310, which stems from improper input validation when handling file paths during chat log uploads, and...
Dell DM5500 Path Traversal Vulnerability
Dell PowerProtect DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. A directory traversal vulnerability exists in Dell PowerProtect DM5500 version 5.15.0.0 and prior versions, which can be exploited...
CVE-2024-34471
An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability resulting in file deletion exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete...
HSC Cybersecurity HC Mailinspector Path Traversal Vulnerability
HSC Cybersecurity HC Mailinspector is a cloud email security solution from HSC Cybersecurity. A path traversal vulnerability exists in HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through v.5.2.18, which stems from an unauthenticated path traversal vulnerability in /public/loader.php, whe...
Dell Repository Manager Path Traversal (DSA-2024-189)
Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the...
CVE-2024-32046
A flaw was found in Mattermost, where it fails to remove detailed error messages in API requests even if the developer mode is off. This flaw allows an attacker to obtain information about the server, such as the full path where files are stored...
Mlflow Path Traversal Vulnerability
Mlflow is an open source platform for machine learning lifecycles. A path traversal vulnerability exists in Mlflow due to improper validation of the "source" parameter. An attacker can use this vulnerability to read and access arbitrary files on the server...
AnythingLLM Input Validation Error Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from an input validation error vulnerability that stems from a failure to properly clean user-supplied input, allowing an attacker to read and delete arbitrary files on the server...
CVE-2024-1511
The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various...
GHSA-2Q59-H24C-W6FG Voilà Local file inclusion
Impact: Any deployment of voilà dashboard allows local file inclusion; that is to say, any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how...
Unspecified Vulnerability in JetBrains TeamCity
JetBrains TeamCity is a continuous integration (CI/CD) tool developed by JetBrains, Inc. to automate the software build, test and deployment process. A security vulnerability exists in JetBrains TeamCity that can be exploited by an attacker to remove arbitrary files from the server via the...
CVE-2024-25944
Dell OpenManage Enterprise, v4.0 and prior, contains a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application...
CVE-2023-49234
An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an authenticated attacker to access local server files and exfiltrate data to an external server...