CVE-2024-1520 OS Command Injection in parisneo/lollms-webui
An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to...
CVE-2024-1520
The CVE-2024-1520 entry concerns an OS command injection in parisneo/lollms-webui, via improper validation of the discussion_id parameter on the /open_code_folder endpoint. The affected component is the web UI’s input handling, allowing an attacker to inject OS commands and achieve remote code execut...
CVE-2024-1602
CVE-2024-1602 affects parisneo/lollms-webui, with a stored XSS that leads to Remote Code Execution. An attacker can exploit inadequate sanitization/validation of model output data to inject JavaScript that runs in the user’s browser and can trigger a request to /execute_code to establish a reverse s...
CVE-2024-1602 Stored XSS leading to RCE in parisneo/lollms-webui
parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within t...
CVE-2024-1511 Path Traversal Vulnerability in parisneo/lollms-webui
The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various...
CVE-2024-1600
The CVE-2024-1600 vulnerability affects parisneo/lollms-webui, specifically the /personalities route, where improper validation of a filename used in include/require enables Local File Inclusion (LFI) via directory traversal (../../) to read arbitrary filesystem files accessible by the web server...
CVE-2024-1600 Local File Inclusion in parisneo/lollms-webui
A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (../../) followed by the desired system file path, URL...
lollms-webui security vulnerability
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in lollms-webui. An attacker exploiting this vulnerability could read any file on a file system accessible to the web server...
PT-2024-18108 · Unknown · Parisneo/Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui (affected versions not specified). Description: An issue exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the discussion_id parameter...
PT-2024-18161 · Unknown · Parisneo/Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui (affected versions not specified). Description: A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this...
lollms-webui security vulnerability
LoLLMs is a Web UI for a large language multi-model system by the individual developer Saifeddine ALOUI. A security vulnerability exists in lollms-webui that stems from inadequate cleaning and validation of model output data...
CVE-2024-1522 Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui
A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /execute_code API endpoint, which does not properly validate requests, enabling an attacker to craft a...
PT-2024-18110 · Unknown · Lollms-Webui
Name of the Vulnerable Software and Affected Versions: lollms-webui (affected versions not specified). Description: A Cross-Site Request Forgery (CSRF) issue in the lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The issue stems from the "/execute_code" API...
PT-2024-3607 · Unknown · Open-Webui
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.1.117. Description: The issue is related to an authenticated blind server-side request forgery vulnerability. It involves the download file stream function in the backend/apps/web/routers/utils.py file of the Ope...
CVE-2024-0800
A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet...
Path traversal
A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet...