10 matches found
NEXUS: Network Exploration for EXploiting Unsafe Sequences in Multi-Turn LLM Jailbreaks
Large Language Models (LLMs) have revolutionized natural language processing but remain vulnerable to jailbreak attacks, especially multi-turn jailbreaks that distribute malicious intent across benign exchanges and bypass alignment mechanisms. Existing approaches often explore the adversarial space...
CVE-2024-50038
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid NFPROTO_UNSPEC where needed syzbot managed to call xt_cluster match via ebtables: WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780 .. ebt_do_table+0x174b/0x2a40 Module register...
Server side request forgery (ssrf)
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a URL, handling it takes increasingly longer, making the server less...
PT-2023-6514 · Unknown · Plone.Rest
Name of the Vulnerable Software and Affected Versions: plone.rest versions 2.0.0 through 2.0.1 plone.rest versions 3.0.0 through 3.0.1 Description: The issue is related to the ++api++ traverser in plone.rest, which allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. When...
Plone Security Vulnerability
Plone is an open source content management system (CMS) built on the Zope application server. A security vulnerability exists in plone.rest versions 2.0.0 and 3.0.0, which stems from a denial of service (DoS) when a traverser is used multiple times in a URL, which can make the processing time longer...
PHP Traverser 'mp3_id.php' Remote File Include Vulnerability
PHP Traverser is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may all...
PHP Traverser <= 0.8.0 RFI Vulnerability
PHP Traverser is prone to a remote file include (RFI) vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
CVE-2009-4085
PHP remote file inclusion vulnerability in assets/plugins/mp3id/mp3id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSBASE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
Remote file inclusion
PHP remote file inclusion vulnerability in assets/plugins/mp3id/mp3id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSBASE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2009-4085
PHP remote file inclusion vulnerability in assets/plugins/mp3id/mp3id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSBASE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...