LoLLMs resource management error vulnerability
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A resource management error vulnerability exists in LoLLMs that originates from allowing an attacker to open Visual Studio Code or the default folder opener multiple times by sending repeated...
Foxit PDF Reader security vulnerability
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. Foxit PDF Editor is a PDF editor from the same company. Foxit PDF Reader and Editor have an elevation of privilege vulnerability that can be exploited by placing a DLL file in the update-service folder to elevate privileges...
PT-2024-24610 · Foxit · Foxit Pdf Reader/Editor
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader and Editor versions prior to 2024.1. Description: The issue allows Local Privilege Escalation during update checks due to weak permissions on the update-service folder. This weakness enables attackers to place crafted DLL file...
CVE-2024-25908
Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2...
CVE-2024-25907
Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2...
WordPress Plugin WP Media Folder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in...
CVE-2024-32001
SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: relation folder: folder | folderparent with an arrow such as folder-view can cause LookupSubjects to only return the subjects found under subjects for either folder or...
SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
Background: Use of a relation of the form: relation folder: folder | folderparent with an arrow such as folder-view can cause LookupSubjects to only return the subjects found under subjects for either folder or folderparent. This bug only manifests if the same subject type is used multiple types i...
CVE-2024-1520 OS Command Injection in parisneo/lollms-webui
An OS Command Injection vulnerability exists in the '/opencodefolder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussionid' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to...
Microsoft Windows Compressed Folder security vulnerability
Microsoft Windows Compressed Folder is an application from Microsoft Corporation (USA). A security vulnerability exists in Microsoft Windows Compressed Folder. An attacker could exploit the vulnerability to remotely execute code. The following products and versions are affected: Windows 11 Version...
Node.js Module node-tar < 6.2.1 DoS
In the nodejs module node-tar prior to version 6.2.1, there is no validation of the number of folders created while unpacking a file. As a result, an attacker can use a malicious file to exhaust the CPU and memory on the host and crash the nodejs client. Note that Nessus has not tested for these...
CVE-2024-25958
Dell Grab for Windows, versions up to and including 5.0.4, contains a Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of...
CVE-2024-25958
Dell Grab for Windows (up to 5.0.4) contains a Weak Application Folder Permissions vulnerability that can be exploited by a local authenticated attacker to achieve privilege escalation, access/modify application data, and potentially disrupt services. Root cause is improper folder permissions wit...
"EasyRange" may insecurely load executable files
Overview: "EasyRange", provided by sira.jp according to the original report submitted by the reporter, is a tool to extract compressed files. "EasyRange" contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file...
Dell Grab security vulnerability
Dell Grab is a configuration technology from Dell, Inc. It is used to collect data on hosts connected to Dell EMC storage devices. A security vulnerability exists in Dell Grab 5.0.4 and prior versions, which stems from a vulnerability in application folder permissions that could be exploited by a...
PT-2024-21242 · Dell · Dell Grab For Windows
Name of the Vulnerable Software and Affected Versions: Dell Grab for Windows versions up to and including 5.0.4. Description: The issue allows a local authenticated attacker to potentially exploit Weak Application Folder Permissions, leading to privilege escalation, unauthorized access to...
Mozilla: Leaking of encrypted email subjects to other conversations
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...