7 matches found
CVE-2025-69220
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to t...
CVE-2023-33498
alist =3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file...
CVE-2025-27718
Improper limitation of a pathname to a restricted directory 'Path Traversal' issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or...
CVE-2020-15734
An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same directory or sub-directories. This issue affects: Bitdefender Safepay versions prior to 25.0.7.29...
CVE-2015-5019
IBM Sterling Integrator 5.1 before 50100048 and Sterling B2B Integrator 5.2 before 50205009 allow remote authenticated users to read or upload files by leveraging a password-change requirement...
MediaCluster (mcCMS) Shell Upload
========================================================================= MediaCluster mcCMS Arbitrary File Upload Vulnerability ========================================================================== +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=+=+= +=+=+=...
Fedora 9 : drupal-6.5-1.fc9 (2008-8852)
Update to 6.5, security fixes: SA-2008-047 http://drupal.org/node/318706 - File upload access bypass unprivileged file attach - Access rules bypass - BlogAPI access bypass Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to...