CVE-2024-4287
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...
PT-2024-30188 · Unknown · Anything-Llm
Name of the Vulnerable Software and Affected Versions: anything-llm (affected versions not specified). Description: A vulnerability exists in the workspace update process due to improper input validation. The application fails to validate or format JSON data sent in an HTTP POST request to...
CVE-2022-29653
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json...
OFCMS Cross-Site Scripting Vulnerability
OFCMS is a content management system (CMS) developed in Java by China Zhongtian Network Technology Company. OFCMS v1.1.4 has a cross-site scripting vulnerability, which originates from the component /admin/comn/service/update.json lacking data validation and filtering for user-supplied...
ASUS RT-AX56U Path Traversal Vulnerability
The ASUS RT-AX56U is a wireless router from ASUS of Taiwan, China. A path traversal vulnerability exists in the ASUS RT-AX56U updatejson function due to insufficient filtering of special characters in URL parameters. An attacker can exploit the vulnerability to cause a service interruption by...
CVE-2022-23970
ASUS RT-AX56U’s updatejson function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption...
CVE-2021-40099
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution...
PortlandLabs Concrete CMS Security Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs of the United States. A security vulnerability exists in Concrete CMS 8.5.5 and prior versions, which can be exploited by an attacker to obtain an update json over HTTP potentially leading to remote...
CVE-2017-9325
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs...
Debian Security Advisory DSA 2948-1 (python-bottle - security update)
It was discovered that Bottle, a WSGI framework for Python, performed a too permissive detection of JSON content, resulting in a potential bypass of security mechanisms. OpenVAS Vulnerability Test $Id: deb2948.nasl 6637 2017-07-10 09:58:13Z teissa $ Auto-generated from advisory DSA 2948-1 using nvtg...
Debian: Security Advisory (DSA-2948-1)
The remote host is missing an update for the Debian...