85 matches found
Apache Solr Security Vulnerability
Apache Solr is a search server based on Lucene, a full-text search engine from the Apache Foundation (USA). The product supports dimensional search, vertical search, and highlighting of search results. A security vulnerability exists in Apache Solr that stems from a lack of proper cleanup of inputs ...
CVE-2024-45263
CVE-2024-45263 affects GL.iNet devices: MT6000, MT3000, MT2500, AXT1800, and AX1800 (firmware 4.6.2). The upload interface accepts arbitrary files; when executed by the device, this can cause information leakage and give an attacker complete control. No mitigations or patches are provided in the ...
firefox: thunderbird: Potential directory upload bypass via clickjacking
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking...
PT-2024-32319 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.1. Description: There is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading...
CVE-2024-24091
Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface...
Yealink Meeting Server Security Vulnerability
Yealink Meeting Server is a distributed cloud video conferencing infrastructure from Yealink (China). A security vulnerability exists in Yealink Meeting Server versions prior to v26.0.0.66. An attacker can exploit this vulnerability to perform an operating system command injection...
PT-2024-20226 · Jsherp · Jsherp
Name of the Vulnerable Software and Affected Versions: jshERP version 3.3. Description: The issue concerns an Arbitrary File Upload vulnerability. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulti...
CVE-2023-47464
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function...
Path Traversal
github.com/arduino/arduino-create-agent is vulnerable to Path Traversal. The vulnerability results from inadequate sanitization of the filename parameter. Exploiting this flaw, an attacker can execute HTTP requests on the localhost interface or bypass CORS configuration. Consequently, they may be...
Arbitrary File Upload
Gradio is vulnerable to an Arbitrary File Upload vulnerability. The vulnerability is due to the /upload interface endpoint via /tmp directory. The attacker can exploit this by uploading arbitrary files, potentially leading to unauthorized access or execution of malicious code...
SUSE CVE-2023-41626
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface...
GHSA-V4Q9-QGQF-7JWP Gradio arbitrary file upload vulnerability
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface...
Gradio arbitrary file upload vulnerability
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface...
CVE-2023-41626
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface...
Design/Logic Flaw
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface...
CVE-2023-41626
Summary: CVE-2023-41626 affects Gradio v3.27.0, with a vulnerability that allows arbitrary file upload via the /upload interface. The connected sources confirm that this is an arbitrary file upload issue, but do not provide explicit exploit details, affected ranges beyond Gradio v3.27.0, or a pub...