Open WebUI 0.1.105 File Upload / Path Traversal Vulnerabilities

Title: Open WebUI Arbitrary File Upload + Path Traversal Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-22:...

Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a "complex and persistent" supply chain attack. "This attack stands out due to the high variability across packages," Phylum said in an analysis...

ROS-20240703-09

A vulnerability in the WSGI Werkzeug web application library is related to the fact that the application does not properly control the consumption of internal resources when parsing data from a composite form with a large number of fields. internal resource consumption when parsing data from a...

GHSA-JG62-H7PV-HXGV FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass

An issue was discovered in the friendlycaptchaofficial aka Integration of Friendly Captcha extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the captcha...

PT-2024-37264 · Deep Sea Electronics · Dse855

Name of the Vulnerable Software and Affected Versions: Deep Sea Electronics DSE855 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. The flaw exists within the...

Deep Sea Electronics DSE855 Security Vulnerability

Deep Sea Electronics DSE855 is a USB to Ethernet communication device from Deep Sea Electronics, UK. A security vulnerability exists in the Deep Sea Electronics DSE855 that stems from a specific flaw in the handling of multipart form variables that lacks proper validation of the length of...

WordPress plugin Advanced Contact form 7 DB security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

DEBIAN-CVE-2024-31458

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in formsave function in graphtemplateinputs.php is not thoroughly checked and is used to concatenate the SQL statement in drawnontemplatedfieldsgraphitem function from...

GHSA-5M98-QGG9-WH84 aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests

Summary An attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. Impact An attacker can stop the application from serving requests after sending a single...

CVE-2024-30251

An infinite loop flaw was found in aiohttp when handling POST multipart/form-data requests. This flaw allows an attacker to send a specially crafted request, leading the server to enter an infinite loop and render it unable to process any further requests. This denial of service can be triggered ...

CVE-2024-3717

The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wpdndcf7uploads/wpcf7-files' directory. This makes it possible for unauthenticated attackers to...

DEBIAN-CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

RHEL 9 : Red Hat OpenStack Platform 17.0 (python-werkzeug) (RHSA-2023:1018)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1018 advisory. Werkzeug ======== Werkzeug started as simple collection of various utilities for WSGI applications and has become one of the most advanced...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug [CVE-2023-46136]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF character at the beginning CVE-2023-46136. Pallets Werkzeug is used in our Speech...

Prototype Pollution

Conform is vulnerable to prototype pollution. The vulnerability is due to the nested object parsing, allowing attackers to trigger prototype pollution by passing crafted input to parseWith functions. Applications using Conform for server-side validation of form data or URL parameters are affected...

GHSA-624G-8QJG-8QXF Conform contains a Prototype Pollution Vulnerability in `parseWith...` function

Summary Conform allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to parseWith... functions. PoC javascript const parseWithZod =...

UBUNTU-CVE-2024-23722

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly...