890 matches found

OSV
added 2023/12/20 6:30 a.m., 1 views

GHSA-QG8P-32GR-GH6X MLflow Local File Disclosure Vulnerability

This vulnerability enables malicious users to read sensitive files on the server...

CVSS 7.5, AI score 7.2, EPSS 0.03924
Exploits: 2, References: 4

Github Security Blog
added 2023/12/14 3:30 p.m., 35 views

External Control of File Name or Path in h2oai/h2o-3

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...

CVSS 9.3, AI score 7.1, EPSS 0.00715
Exploits: 1, References: 4, Affected Software: 1

CNNVD
added 2023/12/14 12:0 a.m., 3 views

h2o Security Vulnerabilities

h2o is a new generation of HTTP server. Not only is it very fast compared to older generation HTTP servers, but it also provides faster responses to end users. A security vulnerability exists in h2oai h2o-3, which stems from the fact that an attacker can overwrite arbitrary server files with...

CVSS 9.3, AI score 6.9, EPSS 0.00715
Exploits: 1, References: 2

Positive Technologies
added 2023/12/14 12:0 a.m., 7 views

PT-2023-32697

Name of the Vulnerable Software and Affected Versions: h2oai/h2o-3 (affected versions not specified). Description: The issue allows unauthenticated users to overwrite any file accessible to the user who executes h2o.init, potentially resulting in a denial of service. Remote unauthenticated attackers c...

CVSS 9.3, AI score 7.4, EPSS 0.00715
Exploits: 1, References: 9

OSV
added 2023/12/13 10:15 a.m., 3 views

CVE-2023-6722

A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...

CVSS 7.5, AI score 5.9, EPSS 0.00829
Exploits: 0, References: 1

OSV
added 2023/12/13 10:15 a.m., 2 views

CVE-2023-6721

An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...

CVSS 7.5, AI score 5.7, EPSS 0.00603
Exploits: 0, References: 1

PyPA
added 2023/12/13 10:15 a.m., 4 views

PYSEC-2023-297

A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...

CVSS 7.5, AI score 6.9, EPSS 0.00829
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2023/12/13 10:15 a.m., 0 views

PYSEC-2023-297

A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...

CVSS 7.5, AI score 5.9
Exploits: 0, References: 1

Positive Technologies
added 2023/12/13 12:0 a.m., 2 views

PT-2023-36082 · Repox · Repox

Name of the Vulnerable Software and Affected Versions: Repox affected versions not specified Description: A path traversal issue has been detected, allowing an attacker to read arbitrary files on the server. This could lead to the disclosure of sensitive information, including application code,...

CVSS 7.5, AI score 6.8
Exploits: 0, References: 2

CNNVD
added 2023/12/04 12:0 a.m., 2 views

Sumitomo Electric Industries RakRak Document Plus Security Vulnerability

Sumitomo Electric Industries RakRak Document Plus is a document management system from Sumitomo Electric Industries Japan. It can be used for a variety of purposes, including contract management, e-book legal compliance, drafting, and ISO document management. A security vulnerability exists in...

CVSS 8.8, AI score 6.8, EPSS 0.00874
Exploits: 0, References: 3

NVD
added 2023/11/30 2:15 p.m., 11 views

CVE-2023-6026

A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input...

CVSS 9.8, EPSS 0.00864
Exploits: 0, References: 1

CNNVD
added 2023/11/28 12:0 a.m., 3 views

UReport Security Vulnerability

UReport is a high-performance pure Java reporting engine based on the Spring architecture that prepares complex Chinese reports and statements by iterating over cells. A security vulnerability exists in UReport version v2.2.9. A remote attacker can exploit the vulnerability to arbitrarily read...

CVSS 7.5, AI score 6.8, EPSS 0.00948
Exploits: 0, References: 1

CNNVD
added 2023/11/22 12:0 a.m., 1 views

Chalemelon Power Security Breach

Chalemelon Power is a shopping platform for virtual experiences. A security vulnerability exists in version 1.0 of the Chalemelon Power framework, which stems from a path traversal vulnerability in the getImage parameter. The vulnerability can be exploited to read files on the server and access...

CVSS 7.5, AI score 6.5, EPSS 0.00923
Exploits: 0, References: 2

CNNVD
added 2023/11/22 12:0 a.m., 2 views

Headwind MDM Path Traversal Vulnerability

Headwind MDM is a platform for managing Android devices in your organization. A path traversal vulnerability exists in Headwind MDM Web panel version 5.22.1. An attacker can exploit this vulnerability to read arbitrary files on the server running the application...

CVSS 5.4, AI score 6.7, EPSS 0.00786
Exploits: 1, References: 2

Github Security Blog
added 2023/11/16 6:30 p.m., 64 views

Ray Path Traversal vulnerability

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here:...

CVSS 9.8, AI score 7.3, EPSS 0.81512
Exploits: 22, References: 5, Affected Software: 1

OSV
added 2023/11/16 5:15 p.m., 4 views

CVE-2023-6038

A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

CVSS 7.5, AI score 6, EPSS 0.0434
Exploits: 1, References: 1

OSV
added 2023/11/16 4:15 p.m., 3 views

CVE-2023-6023

An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifactpath URL parameter...

CVSS 7.5, AI score 5.8, EPSS 0.02999
Exploits: 1, References: 1

Prion
added 2023/11/06 9:15 p.m., 19 views

Code injection

The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server...

CVSS 5.5, AI score 7.1, EPSS 0.0066
Exploits: 2, References: 1, Affected Software: 1

OSV
added 2023/10/25 6:17 p.m., 3 views

CVE-2023-26580

Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers...

CVSS 7.5, AI score 7.2, EPSS 0.00662
Exploits: 0, References: 1

OSV
added 2023/10/23 3:15 p.m., 3 views

CVE-2023-43074

Dell Unity 5.3 contains an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server...

CVSS 7.5, AI score 5.9, EPSS 0.00471
Exploits: 0, References: 1