Search Results | AttackerKB

Show filters

Topics 114 Users 9,709

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

114 Total Results

Displaying 1-10 of 114

Attacker Value

Low

CVE-2020-5741

Disclosure Date: May 08, 2020 (last updated February 21, 2025)

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.

Attack Vector: Network Privileges: High User Interaction: None

1

Attacker Value

Unknown

CVE-2024-13059

Disclosure Date: February 10, 2025 (last updated February 11, 2025)

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when the filename transformation introduces '../' sequences, which are not sanitized by multer, allowing attackers with manager or admin roles to write files to arbitrary locations on the server.

0

Attacker Value

Unknown

CVE-2024-12687

Disclosure Date: December 16, 2024 (last updated December 18, 2024)

Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

0

Attacker Value

Unknown

CVE-2024-11839

Disclosure Date: December 13, 2024 (last updated December 18, 2024)

Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.

0

Attacker Value

Unknown

CVE-2024-11838

Disclosure Date: December 13, 2024 (last updated December 18, 2024)

External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.This issue affects PlexTrac: from 1.61.3 before 2.8.1.

0

Attacker Value

Unknown

CVE-2024-11837

Disclosure Date: December 13, 2024 (last updated December 18, 2024)

Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection.This issue affects PlexTrac: from 1.61.3 before 2.8.1.

0

Attacker Value

Unknown

CVE-2024-11836

Disclosure Date: December 13, 2024 (last updated December 18, 2024)

Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.This issue affects PlexTrac: from 1.61.3 before 2.8.1.

0

Attacker Value

Unknown

CVE-2024-11835

Disclosure Date: December 13, 2024 (last updated December 18, 2024)

Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.This issue affects PlexTrac: from 1.61.3 before 2.8.1.

0

Attacker Value

Unknown

CVE-2024-11834

Disclosure Date: December 13, 2024 (last updated December 18, 2024)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.

0

Attacker Value

Unknown

CVE-2024-11833

Disclosure Date: December 13, 2024 (last updated December 18, 2024)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.

0