Alist Vulnerabilities

This vulnerability allows low-privilege users to upload any type of file to the system, which could lead to malicious files being executed or sensitive data being exposed. It affects versions of the alist software up to 3.16.3, meaning that if you're using an older version, you should update it immediately to prevent exploitation.

This vulnerability allows attackers to access sensitive information that they shouldn't be able to see in AList version 3.15.1. It can be exploited if the attacker knows how to bypass the system's access controls, making it crucial for users to update to a patched version to protect their data.

This vulnerability allows an attacker to access files and directories on the server that should be restricted, potentially exposing sensitive information. It requires the attacker to send specially crafted requests to the Alist application, making it critical for anyone using version 3.4.0 to secure their system immediately.

This vulnerability allows an attacker to inject malicious scripts into the bulletin board feature of Alist, which could then run in the browsers of users visiting that page. To exploit this, the attacker needs to post a specially crafted message that tricks users into executing the harmful code.

This vulnerability allows an attacker with file upload permissions to upload any type of file, including potentially harmful ones, to any folder in the system, even those that are password protected. This means that if a user has the ability to upload files, they can exploit this flaw to compromise the security of the entire application.

This vulnerability allows an attacker to inject malicious scripts into the Alist application, which could then run in the browsers of users who visit the affected page. To exploit this, the attacker needs to trick users into accessing a specially crafted URL that includes the harmful code.