Remote Code Execution via path traversal bypass in lollms
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...
CVE-2024-4078 Arbitrary Code Execution in parisneo/lollms
A vulnerability in parisneo/lollms, specifically in the /unInstallbinding endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the name parameter in the unInstallbinding function, allowi...
CVE-2024-2358 Path Traversal leading to Remote Code Execution in parisneo/lollms-webui
A path traversal vulnerability in the '/applysettings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter...
Arbitrary Code Execution
pandasai is vulnerable to Arbitrary Code Execution. The vulnerability exists in cleancode function at init.py due to lack of security checks which allows an attacker to inject and execute malicious code, resulting in prompt injection...
CVE-2013-10009
A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file modfun/init.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a...
Sql injection
A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file modfun/init.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a...
CVE-2013-10009
CVE-2013-10009 affects DrAzraelTod pyChao; the vulnerability is in the function klauen/lesen of mod_fun/__init__.py, enabling SQL injection. A patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. Remediation is to apply the patch to fix the issue.
Cross-Site Scripting (XSS)
pyrdfa3 is vulnerable to cross site scripting. The vulnerability exists in the getoption function in init.py due to unsanitized data, which will allow an attacker to inject and execute malicious code...
GHSA-894Q-WPG5-MF2H pyRdfa3 Cross-site Scripting vulnerability
A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function getoption of the file pyRdfa/init.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e...
Security update for python3 (moderate)
openSUSE Security Update: Security update for python3 Announcement ID: openSUSE-SU-2021:4104-1 Rating: moderate References: 1180125 1183374 1183858 1185588 1187668 1189241 1189287 Cross-References: CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVSS scores: CVE-2021-3426 NVD : 5.7...
CVE-2014-1858
Removed by vendor...