9 matches found
CVE-2024-7038
CVE-2024-7038 describes an information disclosure in open-webui v0.3.8 where the embedding model update feature under admin settings reveals different error messages based on file existence/configuration. This enables an attacker to enumerate file names and traverse directories, exposing sensitiv...
CVE-2024-4576 TIBCO EBX File Inclusion Vulnerability
The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information...
CVE-2022-33164
IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579...
Security Bulletin: There is a vulnerability in JSZip used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-48285)
Summary: There is a vulnerability in JSZip used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when file...
CVE-2022-48285
A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from...
Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2020-25020
Summary: IBM TRIRIGA Application Platform discloses CVE-2020-25020. Vulnerability Details: CVEID: CVE-2020-25020 DESCRIPTION: MPXJ could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the GanttProjectReader and...
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2019-3880)
Summary: A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote authenticated attacker to traverse a symbolic link on the system and write files outside the SMB share. Vulnerability Details: This vulnerability only affects systems having SMB1 and...
LibreOffice RCE Vulnerability (Feb 2019) - Windows
LibreOffice is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2017-1279
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757...