4072 matches found
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description An XSS vulnerability is present in https://github.com/FalconChristmas/fpp/blob/f032d800a67ed280f8d577d95519a71c95114579/www/upgradeOS.phpL26 due to absence of user input sanitization : php Image: 🕵️♂️ Proof of Concept Visit...
Improper Access Control in causefx/organizr
✍️ Description Google Maps API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. 🕵️♂️ Proof of Concept Visit the following link to verify that you can use the service...
Stack-based Buffer Overflow in codeplea/tinyexpr
✍️ Description Whilst experimenting with repl built from commit 61af1d, with Clang 10 +ASan on Ubuntu 20.04.2 LTS, we discovered an expression containing 4 null characters after a newline which, due to insufficient bounds checking, triggers a stack-buffer-overflow. 🕵️♂️ Proof of Concept echo...
Cross-site Scripting (XSS) - Reflected in tagspaces/viewertext
✍️ Description viewerText used within the Tagspaces to show a preview of text files is vulnerable to cross site scripting. 🕵️♂️ Proof of Concept If any HTML is feeded to setContent function: javascript setContent"alert'xss'; It appends it to the dom without any filteration: javascript...
Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr
💥 BUG Stored xss bypassing xss filter 💥 SUMMURY There are many different user with different role . Here using this xss bug lower level user can make xss attack against higher level user 💥 PAYLOAD XSS15 💥 STEP TO REPRODUCE 1. First goto your account and edit a product . Now put above xss payload ...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/runEventScript.phpL30 you echo unsanitied user input in two places : php \n"; // 1 echo "\n"; system$SUDO . " $fppDir/scripts/eventScript $scriptDirectory/$script $args"; echo "\n"; else ?...
OS Command Injection in falconchristmas/fpp
✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/copystorage.phpL27 you build a command using unsanitized user input : php &1"; // no sanitization : echo "Command: $command\n"; echo...
Path Traversal in thecodingmachine/mouf
✍️ Description Mouf is vulnerable to path traversal attacks on mouf/mouf/src/direct/getsourcefile.php because it doesnt sanitize user supplied parameters as shown below. Vulnerable variable: file Method: GET The $file variable is constructed using the user supplied data, and then a file is open...
Cross-site Scripting (XSS) - Generic in forkcms/forkcms
✍️ Description The forkcms is vulnerable to XSS through adding new media. 🕵️♂️ Proof of Concept Payload: . 1. With an authenticated user, access: http://localhost/private/en/medialibrary/mediaitemindex. 2. Select the option Online movies Youtube, Vimeo, ... and click on Next. 3. Select any source...
Cross-site Scripting (XSS) - Generic in forkcms/library
✍️ Description Please enter a description of the vulnerability. Submitted values weren't escaped in case of date, time or hidden fields. This made it possible to perform an XSS attack by URL tampering 🕵️♂️ Proof of Concept Find a Spoon Form where there is a date, time or hidden field and pass...
Cross-site Scripting (XSS) - Generic in prasathmani/tinyfilemanager
:book: Description TinyFileManager is web based file manager and it is a simple, fast and small file manager with a single file, multi-language ready web application for storing, uploading, editing and managing files and folders online via web browser. The Application runs on PHP 5.5+, It allows...
Prototype Pollution in nodef/extra-object
Description extra-object is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var extraObject = require"extra-object" var obj =...
Uncontrolled Search Path in HunposTagger Allows Untrusted Local Binary Selection in nltk/nltk
This report is not public...
Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS
Summary The VideoMediaIO.loadbase64 method in vLLM's multimodal processing pipeline splits video/jpeg data URLs by comma delimiters to extract individual JPEG frames, but does not enforce a frame count limit. An attacker can craft a single API request containing thousands of comma-separated...
Content-Type Spoofing in LollMS Image Upload
Executive Summary A security vulnerability has been identified in LollMS that allows authenticated users to bypass file type validation by spoofing the Content-Type header. The /api/upload/chatimage endpoint only validates the HTTP header, not the actual file content, allowing malicious files to ...
Command Injection in example_xcom.py via XCom race condition
This report is not public...
Path traversal vulnerability via `FileSystemPathPointer.join()` method allows unauthorized file access
Description A critical path traversal vulnerability exists in the FileSystemPathPointer.join method within the nltk library. The vulnerability allows attackers to bypass directory restrictions and access files outside the intended directory structure by using path traversal sequences such as ../ ...
Integer Overflow lead to DOS in API `v2/models/<model-name>/infer`
This report is not public...
Arbitrary code execution during YAML config parsing in Kubernetes materializer
Summary The Kubernetes materializer entry point feast/sdk/python/feast/infra/computeengines/kubernetes/main.py deserializes /var/feast/featurestore.yaml and /var/feast/materializationconfig.yaml using yaml.load..., Loader=yaml.Loader. Because yaml.Loader eagerly instantiates arbitrary Python...
Integer Overflow → Heap Buffer Overflow in BYTES-Tensor Parsing (DoS)
This report is not public...
Possible HTML Injection in Accept-Language header
This report is not public...
User Enumeration via "Account not found" Message
This report is not public...
World-Writable NLTK Cache Directory Enables Local Users to Tamper with or Delete NLP Data
Description The llamaindex library sets the NLTK data directory to a subdirectory of the codebase by default e.g., static/nltkcache inside the package directory. In multi-user environments or shared hosting, this directory is world-writable or accessible by multiple users. As a result, any user c...
Mass Assignment
Description Mass assignment is a vulnerability that occurs when an application automatically binds user-provided data e.g., from JSON via req.query to internal object properties or database fields without proper filtering. This can allow attackers to manipulate sensitive fields they shouldn’t hav...
Full system file read and delete via GET /api/v1/images/download/{bulk_download_item_name}
Description For invokeai version v6.0.0a1 and below, there is an endpoint for bulk downloading zip file. With some manipulation of the filename arguments, attacker can read and also delete any files on the server through this endpoint. P/S: Tested on Windows Proof of Concept Request: GET...
I
Description Improper authorization controls in the conversation sharing feature make it possible to access other user's conversations given a known conversation ID. The exploitability is limited by the fact that UUIDv4 conversation IDs are generated on the server side and are practically impossib...
Python sandbox escape leading to Remote Code Execution (RCE)
Smolagents python sandbox escape leading to Remote Code Execution RCE Summary Smolagents is a barebones library for building agents that “ think in Python code ”—generating and executing Python as part of their reasoning process. Given this design, secure code execution is a critical backbone of...
Unsafe `Deserialization` in `JsonPickleSerializer` Enables Remote Code Execution
Description A critical deserialization vulnerability exists in the llamaindex library’s JsonPickleSerializer component, enabling remote code execution RCE due to an insecure fallback to Python’s pickle module. When deserializing untrusted data, JsonPickleSerializer prioritizes pickle.loads, which...
URL Parsing Issue
Repository: Hugging Face Transformers File: imageutils.py Line: 834 Code Snippet: if video.startswith"https://www.youtube.com" or video.startswith"http://www.youtube.com": Vulnerability Description: The current implementation checks if a video URL starts with "https://www.youtube.com" or...
unsanitised Input in code node
Description We can run sandboxed code node with full permissions, before the the sandbox security restrictions are imposed. Javascript allows overriding global functions, thus by defining the parseInt function inside a javascript code node, we are able to execute code with full root permissions o...
Regular expression Denial of Service - ReDoS
Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's dynamic module utilities. The vulnerability exists in the getimports function in dynamicmoduleutils.py, which uses a vulnerable regular expression pattern to filte...
Path Traversal via Symbolic Links in `ObsidianReader`
Description The ObsidianReader class, designed to parse Obsidian vaults, contains a critical security flaw that allows arbitrary file read through symbolic links symlinks. When processing a vault, the reader does not resolve or validate the absolute paths of files, enabling an attacker to place a...
Privilege escalation from writing file into temporary directory to arbitrary code execution
Description The MLFlow temporary directory gets assigned insecure world-writable permissions 0o777. def getorcreatetmpdir: """ Get or create a temporary directory which will be removed once python process exit. """ from mlflow.utils.databricksutils import getreplid, isindatabricksruntime if...
SQL injection vulnerabilities in multiple vector stores
Description Multiple vector store integrations have SQL injection vulnerabilities, which can allow an attacker to read and write data using SQL. Example vulnerable code snippet in the Couchbase vector store integration: def deleteself, refdocid: str, kwargs: Any - None: """ Delete a document by i...
A DoS attack occurred in run-llama/llama_index due to inappropriate secure coding measures
Description A DoS vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llamaindex project, and this issue has been reported see the link below: Huntr Report : https://huntr.com/bounties/27883f22-35ff-49df-aaa5-05031c7d6ad8 However, due to the developer's...
Bucket "h2o-release" publicly writable, allowing an attacker to replace any file
The S3 bucket "h2o-release" where you host docs and which you instruct your users to use as a Maven repo e.g. in here https://github.com/h2oai/h2o-3?tab=readme-ov-file3-using-h2o-3-artifacts is publicly writable. It is possible to overwrite any file in that bucket. As a PoC I created the followin...
Regular expression Denial of Service - ReDoS
Description A Regular Expression Denial of Service ReDoS vulnerability was identified in the Transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...
SQL Injection to RCE on FinanceChatLlamaPack
Summary The Finance Chat Llama Pack implements a hierarchical agent based on LLM for financial chat and information extraction. It includes an agent called 'database agent' for interacting with a PostgreSQL database. However, due to the lack of protections in the runsqlquery function on the...
SSRF check bypass in Requests utility
Description The autogpt application relies on a wrapper around the requests library in order to avoid SSRF attacks performing a check on the provided URL. Such check is performed using the urlparse function from urllib.parse library, and the request is later performed using the requests library...
MD5 Hash Collision in SageMaker Workflow
The possibility exists that MD5 collisions could occur in past cache configurations, potentially leading to workflows being inadvertently replaced. Impact In a SageMaker workflow, there is a potential risk associated with using MD5 hashes due to hash collisions. MD5 is vulnerable to collision...
Partial Account Takeover due to Insecure Data Querying
This report is not public...
Path traversal, lead to arbitrary file write, lead to remote code execution
Description Anythingllm use multer library to handle http multi-part file upload. Anything llm use the following code to handle non-ascii file name file.originalname = Buffer.fromfile.originalname, "latin1".toString "utf8" ; This way of manipulating filename is will lead to path traversal. multer...
malicious gguf model can cause DoS by allocate unlimited memory via network access
This report is not public...
dify tools vanna has pandas query inject
This report is not public...
Denial of service by tracking large images
This report is not public...
unhandled exception caused server crash
Description in javascript express framework, if async router handler throw an exception, the whole server will crash. In librechat, some API, when leading with some malformed input, will have uncaught exception. This will lead to server crash, thus a full denial of service. Mind that although thi...
Improper Role Modification by Admins for Billing Permissions
Description Admins, who do not have direct permissions to access billing resources, are able to change the permissions of existing users to have billing permissions. This can lead to a privilege escalation scenario where an administrator can: 1. Change the role of an existing user to include...
Open Redirect
This report is not public...
Deleted account still has the right to create, delete other accounts (delete surveys)
Description An account that has been deleted still has the right to create, delete surveys other accounts Proof of Concept Video Poc https://drive.google.com/file/d/1kvNqK8tYvWDabLigI6dZsp4kpKKkrfIx/view?usp=sharing...
Reflected XSS via "importFormat" parameter
Description Please enter a description of the vulnerability. Proof of Concept - Login as administrator or any user with access to User import/export feature. - Visit the following URL...