39 matches found
InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload`
A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server version v5.0.1 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries...
CVE-2024-30850
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-33434. Reason: This record is a duplicate of CVE-2024-33434. Notes: All CVE users should reference CVE-2024-33434 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage...
CHAOS RAT 5.0.1 Remote Command Execution
Exploit Title: CHAOS RAT v5.0.1 RCE Date: 2024-04-05 Exploit Author: @chebuya Software Link: https://github.com/tiagorlampert/CHAOS Version: v5.0.1 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-30850, CVE-2024-31839 Description: The CHAOS RAT web panel is vulnerable to command injection, which can be...
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Context Merge conflict resolution issue when porting the v5.0.1 Multicall update to the v4.9 branch caused a duplicated line. Impact Versions using Multicall from @openzeppelin/[email protected] and @openzeppelin/[email protected] will execute each subcall twice. Concretely, this exposes ...
Cross site request forgery (csrf)
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd...
Cross site request forgery (csrf)
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit...
CVE-2020-19263
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit...
JVN#12884935: FileZen vulnerable to directory traversal
FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or a web interface. FileZen contains a directory traversal vulnerability (CWE-22). Impact A remote attacker may upload an arbitrary file in the specific directory in the product. If a specialy...
CVE-2019-8368
OpenEMR v5.0.1-6 allows XSS...
Cross site scripting
OpenEMR v5.0.1-6 allows XSS...
CVE-2019-8371
OpenEMR v5.0.1-6 allows code execution...
CVE-2019-8371
OpenEMR v5.0.1-6 is affected by CVE-2019-8371, which allows code execution. The OpenEMR entry is corroborated across multiple sources (NVD and Red Hat/CNVD-like records) with a CVSSv3.1 base score of 7.2 (HIGH), using a Network attack vector, Low attack complexity, no user interaction, and Privil...
74CMS 5.0.1 Cross Site Request Forgery
Exploit Title: 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user Date: 2019-04-14 Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: http://www.74cms.com/download/index.html Version: v5.0.1 CVE : CVE-2019-11374 74CMS v5.0.1 has a CSRF vulnerability to add...
74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User) Exploit
Exploit for php platform in category web applications Exploit Title: 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: http://www.74cms.com/download/index.html Version: v5.0.1 CVE : CVE-2019-11374 74CMS...