CVE-2024-6707

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability...

Path Traversal

mlflow is vulnerable to a path traversal vulnerability. The vulnerability is due to an extra unquote operation in the deleteartifacts function of localartifactrepo.py, which fails to properly sanitize user-supplied paths. Attackers can exploit the double decoding process in the...

CVE-2024-1560

CVE-2024-1560 affects mlflow/mlflow prior to 2.9.2, in the artifact deletion path. A double decoding flaw in _delete_artifact_mlflow_artifacts and local_file_uri_to_path, via an extra unquote in delete_artifacts, allows path traversal and deletion of arbitrary server directories. Impact: high, wi...

Local File Inclusion

voila is vulnerable to Local File Inclusion. The vulnerability is due to improper handling of file paths within app.py which allows an attacker to access readable files on the server's filesystem...

CVE-2023-22629

An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem...

CVE-2022-4778

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated ar...