179 matches found

Vulnrichment
added 2024/04/24 8:1 a.m. · 11 views

CVE-2024-28976

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the...

8.8 CVSS · 6.6 AI score · 0.00245 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/04/23 12:0 a.m. · 3 views

PT-2024-5170 · Dell · Dell Repository Manager

Name of the Vulnerable Software and Affected Versions: Dell Repository Manager versions 3.4.2 through 3.4.4
Description: The issue is related to a Path Traversal vulnerability in the logger module of Dell Repository Manager. This vulnerability can be exploited by a local attacker with low...

5.5 CVSS · 6.6 AI score · 0.00227 EPSS
Exploits 0 · References 6
NVD
added 2024/04/16 12:15 a.m. · 20 views

CVE-2024-1560

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...

8.1 CVSS · 8 AI score · 0.00856 EPSS
Exploits 1 · References 1
OSV
added 2024/04/16 12:15 a.m. · 5 views

CVE-2024-1560

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...

8.1 CVSS · 6.7 AI score
Exploits 0 · References 1
Vulnrichment
added 2024/04/10 5:7 p.m. · 9 views

CVE-2024-1600 Local File Inclusion in parisneo/lollms-webui

A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences ../../ followed by the desired system file path, URL...

9.3 CVSS · 6.8 AI score · 0.31087 EPSS
Exploits 1 · References 2
CVE
added 2024/03/29 4:30 p.m. · 82 views

CVE-2024-25944

CVE-2024-25944 affects Dell OpenManage Enterprise (Dell OpenManage Enterprise, v4.0 and prior). A path traversal vulnerability allows an unauthenticated attacker to access files on the server filesystem with the web application’s privileges. Connected sources confirm versions 4.0 and earlier are ...

7.5 CVSS · 5.8 AI score · 0.00765 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/03/29 4:30 p.m. · 15 views

CVE-2024-25944

Dell OpenManage Enterprise, v4.0 and prior, contains a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application...

5.7 CVSS · 7.4 AI score · 0.00765 EPSS
Exploits 0 · References 1
Cvelist
added 2024/03/29 4:30 p.m. · 13 views

CVE-2024-25944

Dell OpenManage Enterprise, v4.0 and prior, contains a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application...

5.7 CVSS · 6.1 AI score · 0.00765 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/03/29 12:0 a.m. · 3 views

PT-2024-21236 · Dell · Dell Openmanage Enterprise

Name of the Vulnerable Software and Affected Versions: Dell OpenManage Enterprise versions 4.0 and prior
Description: The issue allows an unauthenticated remote attacker to potentially exploit a path traversal vulnerability, gaining unauthorized access to files stored on the server filesystem wit...

7.5 CVSS · 7 AI score · 0.00765 EPSS
Exploits 0 · References 6
Vulnrichment
added 2024/01/19 7:43 p.m. · 1 views

CVE-2024-23331 Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Vite is a frontend tooling framework for JavaScript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

7.5 CVSS · 7 AI score · 0.00791 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/01/08 12:0 a.m. · 3 views

PT-2024-2793 · Dell · Dell Unity

Name of the Vulnerable Software and Affected Versions: Dell Unity versions prior to 5.4
Description: The issue is related to a path traversal vulnerability in the svc supportassist utility of Dell Unity. An authenticated attacker could potentially exploit this vulnerability to gain unauthorized...

6.8 CVSS · 6.5 AI score · 0.00354 EPSS
Exploits 0 · References 8
Prion
added 2023/12/14 4:15 p.m. · 10 views

Path traversal

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server...

4 CVSS · 6.7 AI score · 0.00285 EPSS
Exploits 0 · References 1 · Affected Software 5
Cvelist
added 2023/12/14 3:17 p.m. · 11 views

CVE-2023-44278

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server...

6.7 CVSS · 6.5 AI score · 0.00285 EPSS
Exploits 0 · References 1
OSV
added 2023/12/04 9:15 a.m. · 2 views

CVE-2023-44306

Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem...

6.5 CVSS · 5.9 AI score
Exploits 0 · References 1
Prion
added 2023/12/04 9:15 a.m. · 17 views

Path traversal

Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem...

4.7 CVSS · 6.9 AI score · 0.00928 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/12/04 8:32 a.m. · 8 views

CVE-2023-44306

Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem...

6.5 CVSS · 6.6 AI score · 0.00928 EPSS
Exploits 0 · References 1
Cvelist
added 2023/12/04 8:32 a.m. · 17 views

CVE-2023-44306

Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem...

6.5 CVSS · 6.6 AI score · 0.00928 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/12/04 12:0 a.m. · 3 views

PT-2023-29202 · Dell · Dell Dm5500

Name of the Vulnerable Software and Affected Versions: Dell DM5500 affected versions not specified
Description: The issue is a path traversal vulnerability in the PPOE Component of the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite...

6.5 CVSS · 6.2 AI score · 0.00928 EPSS
Exploits 0 · References 5
NVD
added 2023/10/19 2:15 p.m. · 15 views

CVE-2023-31046

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach...

6.5 CVSS · 6.3 AI score · 0.01493 EPSS
Exploits 0 · References 4
Prion
added 2023/10/19 2:15 p.m. · 18 views

Path traversal

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach...

4 CVSS · 6.3 AI score · 0.01493 EPSS
Exploits 0 · References 4 · Affected Software 2