Arbitrary File Write
mlflow is vulnerable to Arbitrary File Write. The vulnerability is due to improper sanitization within the mlflow.data.httpdatasetsource.py module when fetching data over HTTP. The Content-Disposition header is used directly to construct the path where the file is saved, which allows an attack...
CVE-2022-45598
Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows an attacker to execute arbitrary code via improper sanitization...
Directory Traversal
github.com/go-aah/aah is vulnerable to directory traversal. The vulnerability exists in the Serve function in static.go due to improper sanitization of user input through HTTPEngine.Handle, which allows an attacker to read files outside of the target directory that the server has permission to rea...
X (Formerly Twitter): Improper sanitization of edit in list feature at Twitter leads to delete any Twitter user's list cover photo.
An improper sanitization of the edit list feature at Twitter allowed an attacker to delete any Twitter user's list cover photo. By manipulating the media ID in the request, the attacker could delete the victim's cover photo, violating access controls...