Arbitrary Argument Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Argument Injection via the ParseStreamOptions method. An attacker can access arbitrary files on the server and exfiltrate their contents by injecting malicious arguments into the StreamOptions query parameter, which are then...
EUVD-2014-3087
Malware in sbrugna...
EUVD-2017-17970
Malware in sbrugna...
EUVD-2000-0909
Malware in sbrugna...
EUVD-2015-0285
Malware in sbrugna...
EUVD-2001-0020
Malware in sbrugna...
EUVD-2017-7965
Malware in sbrugna...
EUVD-2018-17527
Malware in sbrugna...
EUVD-2001-1063
Malware in sbrugna...
EUVD-2022-27936
Malicious code in bioql PyPI...
EUVD-2022-3884
Malicious code in bioql PyPI...
EUVD-2022-45146
Malicious code in bioql PyPI...
GHSA-22V8-P7H2-RJ7P Markdownify MCP Server allows attackers to read arbitrary files
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server...
CVE-2024-8438 Path Traversal in modelscope/agentscope
A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint /api/file does not properly sanitize the path parameter, allowing an attacker to read arbitrary files on the server...
Mitel MiCollab Path Traversal Vulnerability
Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server...
Dell AppSync Server XML External Entity Injection Vulnerability
Dell AppSync Server is a copy data management software from Dell USA. An XML external entity injection vulnerability exists in Dell AppSync Server versions 4.3 through 4.6, which arises from a networked system or product that does not have the correct filters in place to allow references to...
CVE-2023-49198
MySQL security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL: allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360. This issue affects Apache SeaTunnel: 1.0.0. Users...
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) XXE Vulnerability
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) is an appliance for securing communications from Trend Micro. An XXE vulnerability exists in the Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA). An attacker can exploit the vulnerability to read arbitrary local file...
CVE-2014-1626
XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file...
CVE-2001-0804
Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter...