20 matches found
EUVD-2020-20065
Malware in sbrugna...
EUVD-2024-2983
Malicious code in bioql PyPI...
CVE-2024-6971
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollmsfilesystem.py file. The functions addragdatabase, togglemountragdatabase, and vectorizefolder do not implement security measures such as sanitizepathfromendpoint or sanitizepath. This allows a...
CVE-2020-27557
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
A path traversal vulnerability exists in the ParisNeo/lollms repository, specifically in the lollmsfilesystem.py file. The functions addragdatabase, togglemountragdatabase, and vectorizefolder do not implement security measures such as sanitizepathfromendpoint or sanitizepath. This allows an...
GHSA-7PGR-32FX-C6X9 Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
A path traversal vulnerability exists in the ParisNeo/lollms repository, specifically in the lollmsfilesystem.py file. The functions addragdatabase, togglemountragdatabase, and vectorizefolder do not implement security measures such as sanitizepathfromendpoint or sanitizepath. This allows an...
CVE-2024-6971
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollmsfilesystem.py file. The functions addragdatabase, togglemountragdatabase, and vectorizefolder do not implement security measures such as sanitizepathfromendpoint or sanitizepath. This allows a...
CVE-2024-6971
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollmsfilesystem.py file. The functions addragdatabase, togglemountragdatabase, and vectorizefolder do not implement security measures such as sanitizepathfromendpoint or sanitizepath. This allows a...
CVE-2024-6971
CVE-2024-6971 describes a path traversal in the ParisNeo/lollms-webui project where functions in lollms_file_system.py (add_rag_database, toggle_mount_rag_database, vectorize_folder) do not sanitize paths, allowing an attacker to vectorize arbitrary .sqlite files on a victim’s machine. This can e...
CVE-2024-6971 Path Traversal in parisneo/lollms-webui
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollmsfilesystem.py file. The functions addragdatabase, togglemountragdatabase, and vectorizefolder do not implement security measures such as sanitizepathfromendpoint or sanitizepath. This allows a...
LoLLMs 路径遍历漏洞
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. LoLLMs suffers from a path traversal vulnerability that originates from allowing an attacker to perform vectorization operations on .sqlite files in any directory on the victim's computer, whic...
[SECURITY] [DLA 3489-1] mediawiki security update
Debian LTS Advisory DLA-3489-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany July 10, 2023 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.31.16-1+deb10u5 CVE ID : CVE-2022-47927 A security issue was discovered in MediaWiki, a website engine for...
Updated mediawiki packages fix security vulnerability
Bundled PapaParse copy in VisualEditor has known ReDos CVE-2020-36649. An issue was discovered in MediaWiki before 1.35.9. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These fil...
CVE-2022-47927
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files inclu...
PT-2023-15531 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.9 MediaWiki versions 1.36.x through 1.38.x before 1.38.5 MediaWiki versions 1.39.x before 1.39.1 Description: An issue was discovered in MediaWiki when installing with a pre-existing data directory that has we...
MediaWiki 安全漏洞
MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. A security vulnerability exists in MediaWiki, which stems from the use of file mode 0644 when installed using a pre-existing data directory with weak privileges, which allows local users to rea...
CVE-2020-27557
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...
Design/Logic Flaw
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...
CVE-2020-27557
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...
Apache Tika Infinite Loop Vulnerability
Apache Tika is the U.S. Apache Apache Software Foundation, an integrated POI using Java programs to provide open source functions for reading and writing documents in Microsoft Office format library, Pdfbox read and create PDF documents pure Java class library and for text extraction work to...