5 matches found
CVE-2024-7034
Open WebUI open-webui has a documented vulnerability in version 0.3.8 where the /models/upload endpoint writes files arbitrarily due to using file_path = f"{UPLOAD_DIR}/{file.filename}" without input validation. This allows directory traversal via crafted file.filename to escape UPLOAD_DIR and ov...
LocalAI Command Injection in audioToWav
A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...
CVE-2024-2029 Command Injection in mudler/localai
A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...
Trihedral VTScada Filter Bypass Information Disclosure Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failur...
[SA18579] OpenSSH scp Command Line Shell Command Injection
TITLE: OpenSSH scp Command Line Shell Command Injection SECUNIA ADVISORY ID: SA18579 VERIFY ADVISORY: http://secunia.com/advisories/18579/ CRITICAL: Not critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: OpenSSH 4.x http://secunia.com/product/5653/ OpenSSH 3.x...