Node.js third-party modules: [bruteser] Path Traversal allows to read content of arbitrary file

I would like to report Path Traversal in bruteser module. It allows to read content of any arbitrary file from the server where bruteser is installed and run. Module module name: bruteser version: 0.0.2 npm page: https://www.npmjs.com/package/bruteser Module Description BruteSer - server can be...

Node.js third-party modules: [m-server] Path Traversal allows to display content of arbitrary file(s) from the server

I would like to report Path Traversal in m-server module. It allows to read content of any arbitrary file from the server where m-server is installed and run. Module module name: m-server version: 1.4.0 npm page: https://www.npmjs.com/package/m-server Module Description M-Server is a mini http...

Node.js third-party modules: [general-file-server] Path Traversal vulnerability allows to read content on arbitrary file on the server

Hi Guys, There is Path Traversal in general-file-server module. It allows to read content of arbitrary files on the remote server. Module general-file-server This is a general file server made by nodejs. It will be easy for you to access the files on the server through the browser...

Fedora 23 : mingw-curl-7.47.0-1.fc23 (2016-55137a3adb)

Update to 7.47.0 which fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

CVE-2016-0754

cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name...

UBUNTU-CVE-2016-0755

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015...