2982 matches found
path traversal vulnerability was identified in the parisneo/lollms-webui
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...
GHSA-9P73-X86V-JW57 path traversal vulnerability was identified in the parisneo/lollms-webui
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...
CVE-2024-2178
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copytocustompersonas' endpoint in the 'lollmspersonalitiesinfos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the 'Copy ...
CVE-2024-2178 Path Traversal Vulnerability in parisneo/lollms-webui
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copytocustompersonas' endpoint in the 'lollmspersonalitiesinfos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the 'Copy ...
Cross-site Scripting (XSS)
ansibleguy-webui is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of user input in multiple forms, allowing injection of HTML elements which are then executed by the browser after job actions...
CVE-2024-4330
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...
CVE-2024-4330 Path Traversal in parisneo/lollms-webui
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...
ansibleguy-webui Cross-site Scripting vulnerability
Impact Multiple forms in version = 0.0.21 References Report GitHub Issue 44...
GHSA-927P-XRC2-X2GJ ansibleguy-webui Cross-site Scripting vulnerability
Impact Multiple forms in version = 0.0.21 References Report GitHub Issue 44...
CVE-2024-36110
ansibleguy-webui is an open source WebUI for using Ansible. Multiple forms in versions 0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. These issues have been addressed in version 0.0.21 0.0.21.post2 on pypi...
CVE-2024-36110 Cross-site scripting in ansibleguy-webui
ansibleguy-webui is an open source WebUI for using Ansible. Multiple forms in versions 0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. These issues have been addressed in version 0.0.21 0.0.21.post2 on pypi...
ansibleguy-webui security vulnerability
ansibleguy-webui is a coding library by the individual developers at AnsibleGuy in Austria. A security vulnerability exists in ansibleguy-webui versions prior to 0.0.21, which stems from the presence of a cross-site scripting (XSS) vulnerability...
Oracle Linux 8 : pcs (ELSA-2024-2953)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2953 advisory. - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26445, RHEL-26447, RHEL-26449 Tenable has extracted th...
CVE-2024-34995
CVE-2024-34995 affects svnWebUI v1.8.3, where the dirTemps parameter in com.cym.controller.UserController#importOver enables arbitrary file deletion via crafted POST requests. Exploitation details are not provided beyond this description in the connected sources, and there is no confirmed patch v...
CVE-2024-4267
A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'openfile' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'openfile' function. An attacker can exploit this...