
10 matches found

OSV
added 2024/10/09 9:31 p.m., 5 views

GHSA-54F4-V6V9-9Q82 open-webui allows writing and deleting arbitrary files

In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHEDIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote cod...

CVSS 7, AI score 7, EPSS 0.02278
Exploits: 1, References: 4
CVE
added 2024/10/09 7:52 p.m., 72 views

CVE-2024-7037

Open WebUI project (open-webui) v0.3.8 has a path traversal/Arbitrary File Write and Delete vulnerability in the /api/pipelines/upload endpoint caused by unsanitized file.filename concatenation with CACHE_DIR. This allows an attacker to overwrite or delete system files and could lead to remote co...

CVSS 7.2, AI score 7, EPSS 0.02278
Exploits: 1, References: 1, Affected Software: 1
OpenVAS
added 2020/01/09 12:0 a.m., 31 views

openSUSE: Security Advisory for squid (openSUSE-SU-2019:2541-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8, AI score 8.1, EPSS 0.54551
Exploits: 1, References: 2
Tenable Nessus
added 2019/11/27 12:0 a.m., 35 views

SUSE SLES12 Security Update : squid (SUSE-SU-2019:3067-1)

This update for squid to version 4.9 fixes the following issues : Security issues fixed : CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi bsc1140738. CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326...

CVSS 9.8, AI score 6.8, EPSS 0.44133
Exploits: 1, References: 21
Tenable Nessus
added 2019/11/22 12:0 a.m., 40 views

openSUSE Security Update : squid (openSUSE-2019-2541)

This update for squid to version 4.9 fixes the following issues : Security issues fixed : - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi bsc1140738. - CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. -...

CVSS 9.8, AI score 6.5, EPSS 0.54551
Exploits: 1, References: 23
OPENSUSE Linux
added 2019/11/21 12:0 a.m., 76 views

Security update for squid (important)

openSUSE Security Update: Security update for squid Announcement ID: openSUSE-SU-2019:2541-1 Rating: important References: 1133089 1140738 1141329 1141330 1141332 1141442 1156323 1156324 1156326 1156328 1156329 Cross-References: CVE-2019-12523 CVE-2019-12525 CVE-2019-12526 CVE-2019-12527...

CVSS 9.8, AI score 7.1, EPSS 0.54551
Exploits: 1, References: 11
OPENSUSE Linux
added 2019/11/21 12:0 a.m., 77 views

Security update for squid (important)

openSUSE Security Update: Security update for squid Announcement ID: openSUSE-SU-2019:2540-1 Rating: important References: 1133089 1140738 1141329 1141330 1141332 1141442 1156323 1156324 1156326 1156328 1156329 Cross-References: CVE-2019-12523 CVE-2019-12525 CVE-2019-12526 CVE-2019-12527...

CVSS 9.8, AI score 7.1, EPSS 0.54551
Exploits: 1, References: 11
Tenable Nessus
added 2019/11/15 12:0 a.m., 36 views

SUSE SLES15 Security Update : squid (SUSE-SU-2019:2975-1)

This update for squid to version 4.9 fixes the following issues : Security issues fixed : CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi bsc1140738. CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326...

CVSS 9.8, AI score 6.9, EPSS 0.54551
Exploits: 1, References: 36
UbuntuCve
added 2011/03/02 12:0 a.m., 29 views

CVE-2011-1144

The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for...

CVSS 3.3, AI score 5.9, EPSS 0.00119
Exploits: 0, References: 3
Prion
added 2009/04/03 6:30 p.m., 11 views

Directory traversal

thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" aka flat and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cachedir parameter containing a %00 encoded null by...

CVSS 7.5, AI score 7.3, EPSS 0.07032
Exploits: 1, References: 6, Affected Software: 2