18 matches found
CVE-2026-22860
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
CVE-2026-22860
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
CVE-2026-22860 Rack has a Directory Traversal via Rack::Directory
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
Rack Security Vulnerability
Rack is a modular Ruby web server interface developed by the Rack open-source project. Versions of Rack prior to 2.2.22, 3.1.20, and 3.2.5 contained security vulnerabilities. These vulnerabilities stemmed from Rack::Directory’s path checking mechanism, which used string prefix matching, potential...
CVE-2022-46851
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin = 3.1.20 versions...
WordPress plugin Starter Templates Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
.NET Core 3.1 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fixes and Enhancements: Update .NET Core 3.1 to SDK 3.1.120 and Runtime 3.1.20 almalinux-8.4.0.z BZ2011821...
ALBA-2021:3817 .NET Core 3.1 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fixes and Enhancements: Update .NET Core 3.1 to SDK 3.1.120 and Runtime 3.1.20 almalinux-8.4.0.z BZ2011821...
CVE-2014-3465
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN...
DEBIAN-CVE-2014-1695
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...
Fedora 20 : gnutls-3.1.20-3.fc20 (2014-2580)
Fixed certificate verification issue (CVE-2014-1959). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Mozilla Thunderbird 3.1.x < 3.1.20 Multiple Vulnerabilities
Binary data 801378.prm...
Thunderbird 3.1.x < 3.1.20 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird 3.1.x is potentially affected by the following security issues: Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected...
Design/Logic Flaw
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code...
CVE-2003-0436
The CVE-2003-0436 issue affects mnoGoSearch 3.1.20, with a buffer overflow in search.cgi triggered by a long ul parameter that enables remote code execution with the webserver’s privileges. The Conectiva advisory Colorado 2003:711 notes this vulnerability and provides upgrade guidance to a newer ...
mnoGoSearch 3.1.20 - Remote Command Execution
mnoGoSearch 3.1.20 - Remote Command Execution !/usr/bin/perl reloaded Remote Exploit for mnoGoSearch 3.1.20 that performs remote command execution as the webserver user id for linux ix86 by pokleyzz use IO::Socket; $host = "127.0.0.1"; $cmd = "ls -la"; $searchpath = "/cgi-bin/search.cgi"; $rawret...
2021-10 .NET Core 3.1.20 Update for x64 Client (KB5007050)
2021-10 .NET Core 3.1.20 Update for x64 Client KB5007050...
2021-10 .NET Core 3.1.20 Update for x86 Client (KB5007050)
2021-10 .NET Core 3.1.20 Update for x86 Client KB5007050...