CVE-2024-32880
CVE-2024-32880 affects pyload, an open-source Python download manager. Multiple sources confirm an authenticated user can change the download folder and upload a crafted template to that folder, triggering remote code execution (RCE). No fix was available at publication; PoCs describe leveraging ...
pyload security vulnerability
pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web. pyload has a security vulnerability. An authenticated user could change the download folder and upload carefully crafted templates to a...
CVE-2024-28241
The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which...
UBUNTU-CVE-2024-28241
The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which...
CVE-2024-28241 GLPI-Agent MSI package installation doesn't update folder security profile when using non default installation folder
The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which...
GLPI security vulnerability
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner...
PT-2024-22356 · Unknown +1 · Glpi Agent +1
Name of the Vulnerable Software and Affected Versions: GLPI Agent versions prior to 1.7.2 Description: A local user can modify the GLPI-Agent code or used DLLs to modify agent logic and potentially gain higher privileges. Recommendations: For versions prior to 1.7.2, upgrade to GLPI-Agent 1.7.2 t...
GHSA-3F7W-P8VR-4V5F pyLoad allows upload to arbitrary folder lead to RCE
Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/appblueprint.py python @bp.route"/render/", endpoint="render" def renderfilename:...
CVE-2024-22809
Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information...
Tormach PathPilot Controller security vulnerability
Tormach PathPilot Controller is a series of controllers from Tormach USA. A security vulnerability exists in Tormach PathPilot Controller version v2.9.6. An attacker can exploit the vulnerability to access the G-code shared folder and view sensitive information...
PT-2024-19570 · Tormach · Tormach Xstech Cnc Router +1
Name of the Vulnerable Software and Affected Versions: Tormach xsTECH CNC Router, PathPilot Controller version 2.9.6 Description: The issue is related to incorrect access control, allowing attackers to access the G code's shared folder and view sensitive information. Recommendations: For version...
GitLens Git Local Configuration Exec
GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10 Module Options msf use...
FileBird < 5.6.4 - Author+ Users Folder Deletion
Description The plugin is vulnerable to Insecure Direct Object Reference via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author access or higher, to delete folders created by other users and make their file uploads...
Foxit PDF Reader and Editor Elevation of Privilege Vulnerability
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. Foxit PDF Editor is a PDF editor from the same company. Foxit PDF Reader and Editor have an elevation of privilege vulnerability that can be exploited by placing a DLL file in the update-service folder to elevate privileges...
CVE-2024-1569
parisneo/lollms-webui is vulnerable to denial of service through uncontrolled resource consumption. An attacker can trigger repeated unauthenticated POST requests at /open_code_in_vs_code and similar endpoints to repeatedly open VS Code or the default folder opener, exhausting system resources an...
iTop security vulnerability
iTop is a platform that provides all the resources needed to optimize iTop. A security vulnerability exists in iTop versions 2.7.10, 3.0.4, 3.1.1, and 3.2.0, which stems from the ability to retrieve files in the env-production folder, even though they should have restricted access...