Total
17 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47170 | 2024-09-30 | N/A | 4.3 MEDIUM | ||
| Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only. Version 1.0.330 fixes this issue. | |||||
| CVE-2024-47171 | 2024-09-30 | N/A | 4.3 MEDIUM | ||
| Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. Version 1.0.330 fixes this vulnerability. | |||||
| CVE-2024-47169 | 2024-09-30 | N/A | 8.8 HIGH | ||
| Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. This does affect publicly hosted installs without S3-compatible storage. Version 1.0.330 fixes this vulnerability. | |||||
| CVE-2022-2265 | 1 Identity And Directory Management System Project | 1 Identity And Directory Management System | 2024-09-16 | N/A | 7.5 HIGH |
| The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25 | |||||
| CVE-2024-0113 | 1 Nvidia | 5 Mellanox Os, Metrox-2, Metrox-3 Xc and 2 more | 2024-09-11 | N/A | 8.8 HIGH |
| NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure. | |||||
| CVE-2024-34191 | 2024-08-29 | N/A | 6.5 MEDIUM | ||
| htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request. | |||||
| CVE-2024-7608 | 2024-08-28 | N/A | 5.9 MEDIUM | ||
| An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal. | |||||
| CVE-2024-45190 | 2024-08-26 | N/A | 6.5 MEDIUM | ||
| Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request | |||||
| CVE-2024-40505 | 2024-08-01 | N/A | 9.3 CRITICAL | ||
| **UNSUPPORTED WHEN ASSIGNED** Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. | |||||
| CVE-2024-36991 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-07-22 | N/A | 7.5 HIGH |
| In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. | |||||
| CVE-2024-39171 | 1 Phpvibe | 1 Phpvibe | 2024-07-12 | N/A | 9.8 CRITICAL |
| Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix. | |||||
| CVE-2024-27901 | 2024-04-09 | N/A | 7.2 HIGH | ||
| SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2024-2863 | 2024-03-25 | N/A | 5.3 MEDIUM | ||
| This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. | |||||
| CVE-2023-41793 | 2024-03-20 | N/A | 6.7 MEDIUM | ||
| : Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776. | |||||
| CVE-2024-1886 | 2024-02-29 | N/A | 3.0 LOW | ||
| This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage. | |||||
| CVE-2022-3693 | 1 Fileorbis | 1 Fileorbis | 2024-02-04 | N/A | 7.5 HIGH |
| Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal.This issue affects FileOrbis File Management System: from unspecified before 10.6.3. | |||||
| CVE-2021-1357 | 1 Cisco | 2 Unified Communications Manager, Unified Communications Manager Im And Presence Service | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||