Lucene search
K

29 matches found

Cvelist
Cvelist
added 2025/03/20 10:10 a.m.13 views

CVE-2024-7957 Arbitrary File Overwrite in danswer-ai/danswer

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the loadcredentials method, where user-controlled input for realmname and zuliprccontent is used to construct file paths and write file content...

9.1CVSS0.00879EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.7 views

CVE-2024-7957 Arbitrary File Overwrite in danswer-ai/danswer

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the loadcredentials method, where user-controlled input for realmname and zuliprccontent is used to construct file paths and write file content...

9.1CVSS9.2AI score0.00879EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/12/27 6:2 p.m.24 views

changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal

Summary Improper input validation in the application can allow attackers to perform local file read LFR or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd o...

8.6CVSS6.9AI score0.00691EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/03/26 3:15 p.m.39 views

CVE-2023-41973

ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later...

7.8CVSS7.1AI score0.00313EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/10/18 12:0 a.m.34 views

PrestaShop Path Traversal Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop Common-Services version 2.5.9 and prior versions, which stems from a lac...

7.5CVSS7.1AI score0.00583EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/12/01 12:0 a.m.6 views

PT-2022-19784 · Delta Industrial Automation · Dialink

Name of the Vulnerable Software and Affected Versions: Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 Description: The issue arises from the software's failure to properly neutralize special elements within a pathname constructed from external input. This pathname is intend...

8.1CVSS7.5AI score0.02283EPSS
Exploits0References4
Hacker One
Hacker One
added 2020/06/11 10:43 a.m.132 views

GSA Bounty: Limited LFI

Summary: Due to improper parameter sensitization local file inclusion is possible. LFI is limited as we were not able to truncate the end of string. Description: Application root is located at /var/www/dashboard/new/public Due to URL Manipulation we are able to raed file from...

7AI score
Exploits0
Prion
Prion
added 2006/03/09 10:2 p.m.17 views

Directory traversal

Directory traversal vulnerability in the session handling class GallerySession.class in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized...

6.4CVSS6.9AI score0.03918EPSS
Exploits2References9Affected Software1
NVD
NVD
added 2005/11/22 8:3 p.m.17 views

CVE-2005-3752

Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction"...

10CVSS6.5AI score0.01529EPSS
Exploits0References1
Rows per page
Query Builder