18 matches found
Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials
The application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require authentication, table permission, datasource permission, or builde...
WordPress plugin Google Drive upload and download link Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
EUVD-2024-31747
Malicious code in bioql PyPI...
EUVD-2024-46448
Malicious code in bioql PyPI...
CVE-2024-5208
An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...
CVE-2024-3149
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...
SchoolPlus 1.0 Shell Upload
Title: SchoolPlus v1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64...
CVE-2024-5208
An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...
CVE-2024-5208
An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...
CVE-2024-5208 Uncontrolled Resource Consumption in mintplex-labs/anything-llm
An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...
PT-2024-35120 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm (affected versions not specified). Description: An uncontrolled resource consumption issue exists in the "upload-link" endpoint, allowing attackers to cause a denial of service (DOS) by shutting down the server through...
CVE-2024-3149
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...
CVE-2024-3149
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...
CVE-2024-3149
The CVE-2024-3149 entry describes a Server-Side Request Forgery (SSRF) in the upload link feature of mintplex-labs/anything-llm. The vulnerability affects the upload workflow used by users with manager/admin roles, where uploaded links are processed via an internal Collector API using a headless ...
AnythingLLM Code Issue Vulnerability
AnythingLLM is a business-compliant document chatbot. AnythingLLM has a code issue vulnerability that stems from a server-side request forgery (SSRF) vulnerability in the upload link feature...
PT-2024-24118 · Mintplex +1 · Anything-Llm +1
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm (affected versions not specified). Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin...
Joomla Component Restaurante Remote File Upload Vulnerability
No description provided by source. Joomla Component Restaurante = Remote File Upload Vulnerability found by: Cold z3ro Homepage: www.hackteach.org, www.xp10.com @@ joomla/index.php?option=comrestaurante&task=upload...
Joomla! Component Restaurante - Arbitrary File Upload
Joomla! Component Restaurante - Arbitrary File Upload Joomla Component Restaurante = Remote File Upload Vulnerability found by: Cold z3ro Homepage: www.hackteach.org, www.xp10.com @@...