5315 matches found
CVE-2024-3403
CVE-2024-3403 affects imartinez/privategpt v0.2.0 with a local file inclusion weakness that enables reading arbitrary files via manipulated file upload, exposing files through the app’s “Search in Docs” feature or AI queries. Impact notes in sources include potential remote code execution by expo...
CVE-2024-3403 Local File Inclusion in imartinez/privategpt
imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI...
CVE-2024-3403 Local File Inclusion in imartinez/privategpt
imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI...
CVE-2024-33485
CASAP Automated Enrollment System, version V1.0, contains a SQL Injection in the login.php component (PHP/MySQLi) that could allow a remote attacker to leak sensitive information. Root cause: improper handling of user input in SQL queries. Mitigation in the connected document: disable the login f...
RHEL 7 : developer_environment (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Developer environment: Homoglyph characters can lead to trojan source attack CVE-2021-42694 - An issue wa...
Europol Hacked? IntelBroker Claims Major Law Enforcement Breach
By Waqas Notorious hacker IntelBroker claims a major data breach at Europol. Allegedly, sensitive data including employee info, source code, and operational documents were compromised. Europol has yet to confirm the breach. Could this expose ongoing investigations and endanger law enforcement...
IntelBroker Hacker Leaks Alleged HSBC & Barclays Bank Data
By Waqas Hackers claim to have breached a third-party contractor of HSBC and Barclays, stealing sensitive data including database files, source code, and more. This is a post from HackRead.com Read the original post: IntelBroker Hacker Leaks Alleged HSBC & Barclays Bank Data...
Clinic Queuing System 1.0 - RCE
Exploit Title: Clinic Queuing System 1.0 RCE Date: 2024/1/7 Exploit Author: Juan Marco Sanchez Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/16439/clinic-queuing-system-using-php-and-sqlite3-source-code-free-download.html Version: 1.0 Tested on...
Vercel Source Code Exposure
Vercel is a popular Cloud provider helping developers hosting their javascript and typescript codebases. Vercel publishes the '/src' endpoint which allows project team members to view application source code. When the 'Logs and Source Protection' option is disabled, the default protection is...
ROS-20240503-05
Microsoft Visual Studio Codef source code editor vulnerability is related to flaws in access control. access. Exploitation of the vulnerability could allow an attacker acting remotely to elevate his or her privileges...
CVE-2024-27025
In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nlaneststart nlaneststart may fail and return NULL. Insert a check and set errno based on other call sites within the same source code...
CVE-2024-27025 nbd: null check for nla_nest_start
In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nlaneststart nlaneststart may fail and return NULL. Insert a check and set errno based on other call sites within the same source code...
CVE-2024-27025
CVE-2024-27025 concerns the Linux kernel: a NULL return from nla_nest_start() could lead to NULL pointer dereference if not checked. The patch inserts a NULL check and sets errno consistent with other call sites, preventing a potential crash. Public references show the issue resolved in the kerne...
CVE-2024-27025
In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nlaneststart nlaneststart may fail and return NULL. Insert a check and set errno based on other call sites within the same source code...
CVE-2024-4300 E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure
E-WEBInformationCo. FS-EZViewerWeb exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database credential with the highest privilege and...
1Panel's password verification is suspected to have a timing attack vulnerability
Summary 源码中密码校验处使用 != 符号,而不是hmac.Equal,这可能导致产生计时攻击漏洞,从而爆破密码。 建议使用 hmac.Equal 比对密码。 Translation: The source code uses the != symbol instead of hmac.Equal for password verification, which may lead to timing attack vulnerabilities that can lead to password cracking. It is recommended to use hmac...
NewStart CGSL CORE 5.04 / MAIN 5.04 : binutils Vulnerability (NS-SA-2024-0013)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has binutils packages installed that are affected by a vulnerability: - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via contro...
Stock Management System v1.0 - Unauthenticated SQL Injection Exploit
Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage: https://www.sourcecodester.com/php/15023/stock-management-system-phpoop-source-code.html Software Link:...
Employee Task Management System in PHP/PDO Free Source Code - admin-manage-user.php SQL injection vulnerability
NAME OF AFFECTED PRODUCTS + Employee Task Management System...
CVE-2024-28878
IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code...