20 matches found
EUVD-2019-6581
Malware in sbrugna...
CVE-2024-6281
A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders...
LoLLMS vulnerable to Expected Behavior Violation
A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders...
GHSA-8MRM-R7H3-C3HJ LoLLMS vulnerable to Expected Behavior Violation
A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders...
CVE-2024-6281
A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders...
CVE-2020-24578
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files such as the password hash file...
D-link DSL-2888A Default Configuration Issue Vulnerability
The D-link DSL-2888A is a Unified Services Router from D-link China. A default configuration issue vulnerability exists in the D-Link DSL-2888A devices, which can be exploited by an attacker to access system folders and download sensitive files e.g., password hash files...
PT-2020-15749 · D Link · D-Link Dsl-2888A
Name of the Vulnerable Software and Affected Versions: D-Link DSL-2888A devices with firmware prior to AU 2.31 V1.1.47ae55. Description: An issue was discovered that allows a malicious network user to access system folders and download sensitive files, such as the password hash file, due to a...
Nextcloud Server < 14.0.11, < 15.0.8 Input Validation Vulnerability (NC-SA-2019-015)
Nextcloud Server is prone to an input validation vulnerability where group admins can create users with IDs of system folders. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
CVE-2019-15624
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...
CVE-2019-15624
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...
Input validation
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...
CVE-2019-15624
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...
Analysis of LooCipher, a New Ransomware Family Observed This Year
ARCHIVED STORY. By ATR Operational Intelligence Team · December 05, 2019. Co-authored by Marc RiveroLopez. Initial Discovery: This year seems to again be the year for ransomware. Notorious attacks were made using ransomware and new...
Analysis of LooCipher, a New Ransomware Family Observed This Year
ARCHIVED STORY. By ATR Operational Intelligence Team · December 05, 2019. Co-authored by Marc RiveroLopez. Initial Discovery: This year seems to again be the year for ransomware. Notorious attacks were made using ransomware and new...
Group admins can create users with IDs of system folders (NC-SA-2019-015)
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...
Cisco Prime Infrastructure TFTP Arbitrary File Upload and Command Execution Vulnerability (cisco-sa-20181003-pi-tftp)
The Cisco Prime Infrastructure application running on the remote host is affected by an arbitrary file upload flaw, which could lead to a remote code execution vulnerability. This is due to incorrect permissions for various system folders, which a file could be uploaded to via TFTP. The commands ...
Microsoft Windows - Desktop Bridge VFS Privilege Escalation
Windows: Desktop Bridge VFS EoP. Platform: Windows 1709 (not tested earlier version). Class: Elevation of Privilege. Summary: The handling of the VFS for desktop bridge applications can allow an application to create virtual files in...
Design/Logic Flaw
Cisco Unified Web and E-Mail Interaction Manager 9.02 improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046...
Microsoft Windows NT 4.0/2000 - DLL Search Path
Source: https://www.securityfocus.com/bid/1699/info. When a program executes under Microsoft Windows, it may require additional code stored in DLL library files. These files are dynamically located at run time, and loaded if necessary. A weakness exis...