29 matches found

Cvelist
added 2025/03/20 10:10 a.m. · 7 views

CVE-2024-10912 Denial of Service in lm-sys/fastchat

A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

7.5 CVSS · 0.00244 EPSS
Exploits: 1 · References: 1

NVD
added 2025/03/13 6:15 p.m. · 5 views

CVE-2024-30143

HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits can completely disrupt or take over the application or the computer where the application is...

4.3 CVSS · 0.00164 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2025/03/13 5:34 p.m. · 7 views

CVE-2024-30143 A path traversal vulnerability in HCL AppScan Traffic Recorder

HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits can completely disrupt or take over the application or the computer where the application is...

4.3 CVSS · 4.6 AI score · 0.00164 EPSS
Exploits: 0 · References: 2

OSV
added 2024/04/13 3:15 p.m. · 0 views

UBUNTU-CVE-2024-32487

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the...

8.6 CVSS · 7 AI score · 0.00329 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2024/04/10 12:00 a.m. · 2 views

PT-2024-23297 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm (affected versions not specified). Description: The issue is related to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this by...

9.9 CVSS · 9.2 AI score · 0.0023 EPSS
Exploits: 1 · References: 6

SUSE CVE
added 2023/02/15 3:36 a.m. · 2 views

SUSE CVE-2021-45844

Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename...

7.8 CVSS · 7.4 AI score · 0.00341 EPSS
Exploits: 1 · References: 3

Packet Storm
added 2004/10/01 12:00 a.m. · 31 views

phpPOC.txt

PHP File Upload Vulnerability POC Title: Overwrite $FILE array in rfc1867 - Mime multipart/form-data File Upload Author: Stefano Di Paola Affected: Php "; if isuploadedfile$FILES'userfile''tmpname' && moveuploadedfile$FILES'userfile''tmpname', $uploadfile print "File is valid, and was successfull...

7.4 AI score
Exploits: 0

securityvulns
added 2004/03/22 12:00 a.m. · 37 views

Reget directory traversal

Directory is traversed with 2F.. in filename...

3.1 AI score
Exploits: 0 · References: 1 · Affected Software: 1

exploitpack
added 2003/03/05 12:00 a.m. · 14 views

Qualcomm Eudora 5.05.16.0 - Long Attachment Filename Denial of Service (2)

Qualcomm Eudora 5.05.16.0 - Long Attachment Filename Denial of Service (2). Source: https://www.securityfocus.com/bid/7026/info Eudora may crash when handling messages which contain attachments with excessively long filenames. This condition reportedly occurs when messages with malformed attachment...

7.3 AI score
Exploits: 0