ReportizFlow
Filtered by vendor
Subscriptions
Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2360 | 1 Lollms | 1 Lollms Web Ui | 2024-11-21 | 9.8 Critical |
| parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute arbitrary code on the targeted server. The issue affects the latest version of the software. The vulnerability stems from the application's handling of the 'discussion_db_name' and 'pdf_latex_path' parameters, which do not properly validate file paths, allowing for directory traversal. This vulnerability can also lead to further file exposure and other attack vectors by manipulating the 'discussion_db_name' parameter. | ||||
| CVE-2024-2358 | 2024-11-21 | N/A | ||
| A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter. Attackers can exploit this by crafting a payload that includes relative path traversal sequences ('../../../'), enabling them to navigate to arbitrary directories. This flaw subsequently allows the server to load and execute a malicious '__init__.py' file, leading to remote code execution. The issue affects the latest version of parisneo/lollms-webui. | ||||
| CVE-2024-2178 | 2024-11-21 | N/A | ||
| A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copy_to_custom_personas' endpoint in the 'lollms_personalities_infos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the 'Copy to custom personas folder for editing' process. By inserting '../' sequences in these parameters, attackers can traverse the directory structure and access files outside of the intended directory. Successful exploitation results in unauthorized access to sensitive information. | ||||
| CVE-2024-2083 | 2024-11-21 | N/A | ||
| A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory. | ||||
| CVE-2024-21518 | 1 Opencart | 1 Opencart | 2024-11-21 | 7.2 High |
| This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An attacker can create arbitrary files in the web root of the application and overwrite other existing files by exploiting this vulnerability. | ||||
| CVE-2024-1561 | 2024-11-21 | N/A | ||
| An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables. | ||||
| CVE-2023-6977 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 7.5 High |
| This vulnerability enables malicious users to read sensitive files on the server. | ||||
| CVE-2023-6975 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 9.8 Critical |
| A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. | ||||
| CVE-2023-6909 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 7.5 High |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | ||||
| CVE-2023-6831 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 8.1 High |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | ||||
| CVE-2023-6130 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 8.8 High |
| Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | ||||
| CVE-2023-6023 | 1 Vertaai | 1 Modeldb | 2024-11-21 | 7.5 High |
| An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter. | ||||
| CVE-2023-2780 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 9.8 Critical |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. | ||||
| CVE-2023-1177 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 9.3 Critical |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | ||||
| CVE-2023-1034 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 8.8 High |
| Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. | ||||
| CVE-2023-0316 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 5.5 Medium |
| Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0. | ||||
| CVE-2023-0104 | 1 Weintek | 1 Easybuilder Pro | 2024-11-21 | 9.3 Critical |
| The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data. | ||||
| CVE-2022-2788 | 1 Emerson | 1 Electric\'s Proficy | 2024-11-21 | 3.9 Low |
| Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code. | ||||
| CVE-2024-7962 | 1 Gaizhenbiao | 2 Chuanhuchatgpt, Gaizhenbiao\/chuanhuchatgpt | 2024-11-01 | 7.5 High |
| An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except for the first line, every other line must contain commas. This vulnerability allows reading parts of format-compliant files, including code and log files, which may contain highly sensitive information such as account credentials. | ||||
| CVE-2024-7774 | 2 Langchain, Langchain-ai | 2 Langchain, Langchain-ai\/langchainjs | 2024-10-31 | 9.1 Critical |
| A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input. | ||||