29 matches found
CVE-2024-7957 Arbitrary File Overwrite in danswer-ai/danswer
An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the loadcredentials method, where user-controlled input for realmname and zuliprccontent is used to construct file paths and write file content...
CVE-2024-7957 Arbitrary File Overwrite in danswer-ai/danswer
An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the loadcredentials method, where user-controlled input for realmname and zuliprccontent is used to construct file paths and write file content...
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
Summary Improper input validation in the application can allow attackers to perform local file read LFR or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd o...
CVE-2023-41973
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later...
PrestaShop Path Traversal Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop Common-Services version 2.5.9 and prior versions, which stems from a lac...
PT-2022-19784 · Delta Industrial Automation · Dialink
Name of the Vulnerable Software and Affected Versions: Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 Description: The issue arises from the software's failure to properly neutralize special elements within a pathname constructed from external input. This pathname is intend...
GSA Bounty: Limited LFI
Summary: Due to improper parameter sensitization local file inclusion is possible. LFI is limited as we were not able to truncate the end of string. Description: Application root is located at /var/www/dashboard/new/public Due to URL Manipulation we are able to raed file from...
Directory traversal
Directory traversal vulnerability in the session handling class GallerySession.class in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized...
CVE-2005-3752
Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction"...