The vulnerability of the Deep Java Library (DJL) related to incorrect path name restrictions for restricted access directories allows attackers to overwrite system files.

The vulnerability of the Deep Java Library DJL is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to re-record system files remotely...

Google Go Security Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from the presence of a limited directory traversal that allows reading arbitrary files on the system...

CVE-2024-4499

CVE-2024-4499 describes a CSRF vulnerability in the XTTS server of parisneo/lollms 9.6 caused by a lax CORS policy. An attacker can lure a user to a malicious page to trigger arbitrary LoLLMS-XTTS API requests, potentially leading to reading/writing of audio files and, in combination with other i...

Path Traversal

ai.djl,api is vulnerable to Path Traversal. The vulnerability is due to absolute path archived artifacts, allowing attackers to insert archived files directly into the system and overwrite system files...

CVE-2024-37902

DeepJavaLibraryDJL is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model...

CVE-2024-37902

Summary: CVE-2024-37902 affects the Java DeepJavaLibrary (DJL) up to version 0.27.0. The root cause is an absolute-path handling flaw in archived artifacts that can insert files directly into the system and overwrite system files. The issue is fixed in DJL v0.28.0 and also patched in the DJL Larg...

CVE-2024-6044

Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL...

CVE-2024-6044

CVE-2024-6044 concerns several models of D-Link wireless routers vulnerable to a path traversal flaw. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL. The CVE entry and linked sources consistently describe this as a local, unauthent...

Deep Java Library Security Vulnerability

Deep Java Library is an open source, high-level, engine-independent deep learning Java framework from Deep Java Library Open Source. A security vulnerability exists in Deep Java Library version 0.1.0 up to and including version 0.27.0, which stems from a vulnerability that will not prevent an...

D-Link Routers Path Traversal Vulnerability

D-Link Routers is a router from China-based AUO D-Link. A path traversal vulnerability exists in D-Link Routers. An attacker can exploit this vulnerability to read arbitrary system files by manipulating the URL...

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Overview Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only...

CVE-2024-5102

A sym-linked file accessed via the repair function in Avast Antivirus troubleshooting - repair feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the...

CVE-2024-5102 Elevation of Privelage via symlinked file in Avast Antivirus

A sym-linked file accessed via the repair function in Avast Antivirus troubleshooting - repair feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the...

ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`

ZendView is a component that utilizes PHP as a templating language. To utilize it, you specify "script paths" that contain view scripts, and then render view scripts by specifying subdirectories within those script paths; the output is then returned as a string value which may be cached or direct...

Information Disclosure

TYPO3/CMS is vulnerable to Information Disclosure. This vulnerability arises from insufficient validation and handling of uploaded files within forms. It may result in arbitrary file disclosure or unauthorized access to sensitive system files...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

CVE-2024-24919 Exploit Overview This repository contains...

Exploit for CVE-2024-4956

CVE-2024-4956 - Unauthenticated Path Traversal in Nexus Reposi...

CVE-2024-4956

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1...

CVE-2024-4956 Nexus Repository 3 - Path Traversal

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1...

CVE-2024-4956 Nexus Repository 3 - Path Traversal

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1...