4072 matches found
Cross-site Scripting (XSS) - Generic in prasathmani/tinyfilemanager
:book: Description TinyFileManager is web based file manager and it is a simple, fast and small file manager with a single file, multi-language ready web application for storing, uploading, editing and managing files and folders online via web browser. The Application runs on PHP 5.5+, It allows...
Arbitrary Code Execution via LossNode importlib.import_module() Before audit_tree() Trust Check
Arbitrary Code Execution via LossNode Import Before Audit — Trust Check Bypass Summary The LossNode.init method in skops/io/sklearn.py calls gettype, which invokes importlib.importmodule with attacker-controlled module and class names from the .skops file's schema.json. This import occurs during...
Unsafe cloudpickle.loads() and eval() in Callables Enable RCE via Malicious Task Payloads
This report is not public...
Arbitrary File Write via Path Traversal in Malicious NLTK Downloader Index (nltk.downloader.Package.fromxml)
NLTK relies on the nltk.downloader.Downloader class to securely fetch corpora and models. It fetches an index.xml file to map package ids to payload URLs. A critical Arbitrary File Write vulnerability exists in nltk.downloader.Package.fromxml due to a lack of sanitization on the id field. When...
Uncontrolled Recursion in NLTK StupidBackoff Language Model Allows Denial of Service
This report is not public...
Content-Type Spoofing in LollMS Image Upload
Executive Summary A security vulnerability has been identified in LollMS that allows authenticated users to bypass file type validation by spoofing the Content-Type header. The /api/upload/chatimage endpoint only validates the HTTP header, not the actual file content, allowing malicious files to ...
Command Injection in example_xcom.py via XCom race condition
This report is not public...
Integer Overflow lead to DOS in API `v2/models/<model-name>/infer`
This report is not public...
Arbitrary code execution during YAML config parsing in Kubernetes materializer
Summary The Kubernetes materializer entry point feast/sdk/python/feast/infra/computeengines/kubernetes/main.py deserializes /var/feast/featurestore.yaml and /var/feast/materializationconfig.yaml using yaml.load..., Loader=yaml.Loader. Because yaml.Loader eagerly instantiates arbitrary Python...
Integer Overflow → Heap Buffer Overflow in BYTES-Tensor Parsing (DoS)
This report is not public...
Possible HTML Injection in Accept-Language header
This report is not public...
User Enumeration via "Account not found" Message
This report is not public...
World-Writable NLTK Cache Directory Enables Local Users to Tamper with or Delete NLP Data
Description The llamaindex library sets the NLTK data directory to a subdirectory of the codebase by default e.g., static/nltkcache inside the package directory. In multi-user environments or shared hosting, this directory is world-writable or accessible by multiple users. As a result, any user c...
SSRF in MLflow via user-controlled gateway_path parameter
Description A Server-Side Request Forgery SSRF vulnerability exists in the gatewayproxyhandler function of MLflow. This function accepts a user-controlled gatewaypath parameter and concatenates it directly with a targeturi, allowing an attacker to control the full outbound HTTP request path from...
Mass Assignment
Description Mass assignment is a vulnerability that occurs when an application automatically binds user-provided data e.g., from JSON via req.query to internal object properties or database fields without proper filtering. This can allow attackers to manipulate sensitive fields they shouldn’t hav...
Full system file read and delete via GET /api/v1/images/download/{bulk_download_item_name}
Description For invokeai version v6.0.0a1 and below, there is an endpoint for bulk downloading zip file. With some manipulation of the filename arguments, attacker can read and also delete any files on the server through this endpoint. P/S: Tested on Windows Proof of Concept Request: GET...
I
Description Improper authorization controls in the conversation sharing feature make it possible to access other user's conversations given a known conversation ID. The exploitability is limited by the fact that UUIDv4 conversation IDs are generated on the server side and are practically impossib...
Python sandbox escape leading to Remote Code Execution (RCE)
Smolagents python sandbox escape leading to Remote Code Execution RCE Summary Smolagents is a barebones library for building agents that “ think in Python code ”—generating and executing Python as part of their reasoning process. Given this design, secure code execution is a critical backbone of...
Unsafe `Deserialization` in `JsonPickleSerializer` Enables Remote Code Execution
Description A critical deserialization vulnerability exists in the llamaindex library’s JsonPickleSerializer component, enabling remote code execution RCE due to an insecure fallback to Python’s pickle module. When deserializing untrusted data, JsonPickleSerializer prioritizes pickle.loads, which...
URL Parsing Issue
Repository: Hugging Face Transformers File: imageutils.py Line: 834 Code Snippet: if video.startswith"https://www.youtube.com" or video.startswith"http://www.youtube.com": Vulnerability Description: The current implementation checks if a video URL starts with "https://www.youtube.com" or...
unsanitised Input in code node
Description We can run sandboxed code node with full permissions, before the the sandbox security restrictions are imposed. Javascript allows overriding global functions, thus by defining the parseInt function inside a javascript code node, we are able to execute code with full root permissions o...
Regular expression Denial of Service - ReDoS
Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's dynamic module utilities. The vulnerability exists in the getimports function in dynamicmoduleutils.py, which uses a vulnerable regular expression pattern to filte...
Path Traversal via Symbolic Links in `ObsidianReader`
Description The ObsidianReader class, designed to parse Obsidian vaults, contains a critical security flaw that allows arbitrary file read through symbolic links symlinks. When processing a vault, the reader does not resolve or validate the absolute paths of files, enabling an attacker to place a...
Privilege escalation from writing file into temporary directory to arbitrary code execution
Description The MLFlow temporary directory gets assigned insecure world-writable permissions 0o777. def getorcreatetmpdir: """ Get or create a temporary directory which will be removed once python process exit. """ from mlflow.utils.databricksutils import getreplid, isindatabricksruntime if...
SQL injection vulnerabilities in multiple vector stores
Description Multiple vector store integrations have SQL injection vulnerabilities, which can allow an attacker to read and write data using SQL. Example vulnerable code snippet in the Couchbase vector store integration: def deleteself, refdocid: str, kwargs: Any - None: """ Delete a document by i...
Bucket "h2o-release" publicly writable, allowing an attacker to replace any file
The S3 bucket "h2o-release" where you host docs and which you instruct your users to use as a Maven repo e.g. in here https://github.com/h2oai/h2o-3?tab=readme-ov-file3-using-h2o-3-artifacts is publicly writable. It is possible to overwrite any file in that bucket. As a PoC I created the followin...
Regular expression Denial of Service - ReDoS
Description A Regular Expression Denial of Service ReDoS vulnerability was identified in the Transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...
SQL Injection to RCE on FinanceChatLlamaPack
Summary The Finance Chat Llama Pack implements a hierarchical agent based on LLM for financial chat and information extraction. It includes an agent called 'database agent' for interacting with a PostgreSQL database. However, due to the lack of protections in the runsqlquery function on the...
SSRF check bypass in Requests utility
Description The autogpt application relies on a wrapper around the requests library in order to avoid SSRF attacks performing a check on the provided URL. Such check is performed using the urlparse function from urllib.parse library, and the request is later performed using the requests library...
MD5 Hash Collision in SageMaker Workflow
The possibility exists that MD5 collisions could occur in past cache configurations, potentially leading to workflows being inadvertently replaced. Impact In a SageMaker workflow, there is a potential risk associated with using MD5 hashes due to hash collisions. MD5 is vulnerable to collision...
Partial Account Takeover due to Insecure Data Querying
This report is not public...
Path traversal, lead to arbitrary file write, lead to remote code execution
Description Anythingllm use multer library to handle http multi-part file upload. Anything llm use the following code to handle non-ascii file name file.originalname = Buffer.fromfile.originalname, "latin1".toString "utf8" ; This way of manipulating filename is will lead to path traversal. multer...
malicious gguf model can cause DoS by allocate unlimited memory via network access
This report is not public...
Denial of service through tracking and requesting Aim objects through web API
This report is not public...
dify tools vanna has pandas query inject
This report is not public...
unhandled exception caused server crash
Description in javascript express framework, if async router handler throw an exception, the whole server will crash. In librechat, some API, when leading with some malformed input, will have uncaught exception. This will lead to server crash, thus a full denial of service. Mind that although thi...
Improper Role Modification by Admins for Billing Permissions
Description Admins, who do not have direct permissions to access billing resources, are able to change the permissions of existing users to have billing permissions. This can lead to a privilege escalation scenario where an administrator can: 1. Change the role of an existing user to include...
Deleted account still has the right to create, delete other accounts (delete surveys)
Description An account that has been deleted still has the right to create, delete surveys other accounts Proof of Concept Video Poc https://drive.google.com/file/d/1kvNqK8tYvWDabLigI6dZsp4kpKKkrfIx/view?usp=sharing...
Reflected XSS via "importFormat" parameter
Description Please enter a description of the vulnerability. Proof of Concept - Login as administrator or any user with access to User import/export feature. - Visit the following URL...
Improper Authorization in add role function leads to privilege escalation
Description The application improperly performs user authorization, resulting in a user with the user management role being able to modify their own permissions or those of others. Proof of Concept Step1: The highest-level administrator or an administrator with the permission to create roles...
An agent without permission has the ability to update, add, or delete FAQ items
Description I discovered a vulnerability in the osticket application. When an administrator creates a category and adds some FAQ items, they have the ability to grant update, delete, and add permissions to agents. Once granted access, an agent can login and edit, delete, or add FAQs and record...
Leak Secret tokens by changing baseURL
Description nuxt-api-party allows developers to easily hook up APIs. You can configure API URLs and Credentials to be sent on requests. It is suggested in the documentation that this plugin is capable of handling sensitive data. There is a design flaw that could allow an attacker to extract priva...
Incorrect Authorization leads to delete user
Description The application is experiencing incorrect permission settings, leading to the user with user administration rights being able to delete anyone, including users who are not under their management authority. Proof of Concept Step1:The User Demo super admin creates a user admin with user...
Cross-site Scripting in Preview function bypass CSP
Description In text.js plugins, the user have Extract Text from the graph, so this function will extract all text and as we can see, the user can preview text above and since the server doesn't clean up the text before rendering, it results in XSS. Proof of Concept html ' Step to reproduce Drag a...
IDOR Vulnerability Allow the owner of one Organization can edit, delete and resetpassword users that belong to other organization
1 first, we create two organizations: org1 and org2. The owner of them is user1 and user2 corresponding. 2 we login as user1 and reset itsself password. 3 using the burpsuit to hack hijack the post. 4 The post and can be like: PUT...
IDOR Vulnerability Allow the owner of one Organization can disable users that belong to other oggainzation
1 first, we create two organizations: org1 and org2. The owner of them is user1 and user2 corresponding. 2 we login as user1 and click disable , then we use burpsuit to get the post. 3 The post can be like : POST /admin/api/users/2/enable/false HTTP/1.1 5 we replace user id 2 to 3. 6 check the...
heap-buffer-overflow in vim_strrchr
Description heap based buffer overflow in vimstrrchr at strings.c:682 Vim Version git log commit ea83c194625e51c28a2796eba9ba87b0b9ab23e0 HEAD - master, tag: v9.0.1414, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S POCvimstrrchr -c :qa!...
SQL Injection
Description In '/core/ajax/ajaxselect2.phpL989' php "istrash = 0 and datebatchexpirydate = curdate and batchnumber LIKE '". $search ."%'" $search from: php $search = isset$GET'q' ? $GET'q' : ""; no sanitize. Poc http GET /info/?module=select2&page=batchList&q=1'union/%23&pid=1/select+111,222%23...
stored xss
Description stored xss bug SUMMURY here i uses demo installation https://demo.limesurvey.org/ in firefox browser Proof of Concept login into any user account who has permission to view the survey and visit url...
reflected xss
Description reflected xss SUMMURY here i uses demo instalation https://demo.limesurvey.org/ in firefox browser Proof of Concept login into user account and visit...