ModelDB Security Vulnerabilities

ModelDB is an open source system for machine learning model version control, metadata, and experiment management from VertaAI. ModelDB has a security vulnerability that stems from a remote file inclusion LFI vulnerability in the artifactpath URL parameter. An attacker can exploit this vulnerabili...

CVE-2023-45878

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...

WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion

Description This plugin is vulnerable to a local file inclusion via the path parameter. PoC Send a GET request to wpb-show-core/download-file.php with the path parameter set to an arbitrary file path on the server, - "/etc/resolv.conf" - "/etc/hosts" - "../../../wp-config.php"...

CVE-2022-2441

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site...

CVE-2023-5120

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

CVE-2020-21583

A vulnerability was found in hwclock in util-linux, which allowed non-root users to access the hardware clock. This flaw allows an attacker to execute arbitrary code via the path parameter when setting the date...

Yonyou UFIDA-NC Path Traversal Vulnerability

Yonyou UFIDA-NC is a large-scale ERP enterprise management system and e-commerce platform from China's UFIDA Network Technology Yonyou Company. A path traversal vulnerability exists in Yonyou UFIDA-NC 20230807 and earlier versions, which stems from the parameter filePath in the file...

SUSE CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...

CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...

CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...

DEBIAN-CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...

UBUNTU-CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...

CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...

PT-2023-11594 · Hwclock · Hwclock

Name of the Vulnerable Software and Affected Versions: hwclock version 2.27 Description: An issue was discovered that allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date. Recommendations: For version 2.27, consider restricting...

Linux hwclock 安全漏洞

Linux hwclock is a command from the Linux Foundation of America. It is used to display and set the hardware clock. A security vulnerability exists in Linux hwclock version 13-v2.27, which originated from a vulnerability that allows an attacker to gain escalated privileges or execute arbitrary...

CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...

CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...

CVE-2023-36255

An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...

CVE-2023-36255

An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...

Code injection

An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...