102 matches found
CVE-2024-28986 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce...
CVE-2024-28986
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it...
SolarWinds Serv-U Path Traversal Vulnerability
SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine...
CVE-2024-28995
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine...
CVE-2024-28995 SolarWinds Serv-U L Directory Transversal Vulnerability
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine...
CVE-2024-28995
CVE-2024-28995 is a directory traversal vulnerability in SolarWinds Serv-U that allows unauthenticated attackers to read sensitive host files. The flaw affects Serv-U and can be triggered via crafted directory/file paths (e.g., using InternalDir/InternalFile payloads) to access local logs and sys...
CVE-2024-28995
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. Recent assessments: sfewer-r7 at June 13, 2024 9:17am UTC reported: Based upon our Rapid7 Analysis, I have rated the attacker value of this vulnerability...
CVE-2024-1569 Uncontrolled Resource Consumption in parisneo/lollms-webui
parisneo/lollms-webui is vulnerable to a denial of service DoS attack due to uncontrolled resource consumption. Attackers can exploit the /opencodeinvscode and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...
CVE-2024-29902
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as ...
GHSA-4685-2X5R-65PJ Pebble service manager's file pull API allows access by any user
Impact Note: "Pebble" here refers to Canonical's service manager, not the Let's Encrypt ACME test server. The API behind pebble pull, used to read files from the workload container by Juju charms, allows access from any user, instead of just admin. In Juju Kubernetes sidecar charms, Pebble and th...
Critical VMware Vulnerabilities Leading To Sandbox Escape
Summary: Critical vulnerabilities tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255 have been addressed by Vmware. These vulnerabilities allow attackers to bypass virtual machines and execute commands on the host machine. Workstation, Fusion, Cloud Foundation, and VMwa...
GHSA-MQ6V-W35G-3C97 Local File Inclusion vulnerability in zmarkdown
Impact A minor Local File Inclusion vulnerability has been found in zmarkdown, which allowed for images with a known path on the host machine to be included inside a LaTeX document. To prevent it, a new option has been created that allow to replace invalid paths with a default image instead of...
GHSA-C79F-PQGF-FHP3 Directory Traversal in Gladys Assistant
Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine...
CVE-2023-43256
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input...
Path traversal
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input...
CVE-2023-43256
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input...
Command injection
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...
File System Sandbox Breakout
github.com/lima-vm/lima is vulnerable to a File System Sandbox Breakout. The vulnerability exists due to differential disk images used as the base image, which allows an attacker to aread files off the host machine...
CVE-2023-30621
Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. In versions prior to 1.3 users can run command on the host machine with sudoer permission. The !ping command when provided with an IP or hostname used to run a bash ping without verification that the IP...
Command injection
Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. In versions prior to 1.3 users can run command on the host machine with sudoer permission. The !ping command when provided with an IP or hostname used to run a bash ping without verification that the IP...