EUVD-2018-20502

Malware in sbrugna...

Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

Cisco Identity Services Engine Arbitrary File Write (cisco-sa-ise-mult-j-KxpNynR)

According to its self-reported version, Cisco Identity Services Engine is affected by an arbitrary file write vulnerability that can be exploited by a remote, authenticated attacker due to insufficient file input validation. Please see the included Cisco BIDs and Cisco Security Advisory for more...

Input validation

Multiple Services such as VHSVideo History Server and VCDVideo Clip Distributor and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesyst...

Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A cross-site scripting vulnerability exists in the Web portal framework of...