5 matches found
CVE-2024-7034
Open WebUI 0.3.8 is affected by a directory traversal vulnerability in the /models/upload endpoint due to unsafe handling of file.filename, allowing arbitrary file writes outside the UPLOAD_DIR and potentially overwriting system files. This can lead to unauthorized modifications and may enable re...
LocalAI Command Injection in audioToWav
A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...
CVE-2024-2029 Command Injection in mudler/localai
A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...
Trihedral VTScada Filter Bypass Information Disclosure Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failur...
[SA18579] OpenSSH scp Command Line Shell Command Injection
TITLE: OpenSSH scp Command Line Shell Command Injection SECUNIA ADVISORY ID: SA18579 VERIFY ADVISORY: http://secunia.com/advisories/18579/ CRITICAL: Not critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: OpenSSH 4.x http://secunia.com/product/5653/ OpenSSH 3.x...