Lucene search
K

548 matches found

Prion
Prion
added 2010/09/21 8:0 p.m.23 views

Design/Logic Flaw

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar...

5.5CVSS6.7AI score0.0159EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2009/06/22 7:30 p.m.3 views

CVE-2009-2161

Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the ssuri parameter, in conjunction with a modified component name...

5.1CVSS5.7AI score0.02427EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2008/10/07 12:0 a.m.35 views

Debian DSA-1645-1 : lighttpd - various

Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-4298 A memory leak in the httprequestparse function could be used by remote...

7.5CVSS7.2AI score0.04345EPSS
Exploits2References7
Debian
Debian
added 2008/10/06 5:29 p.m.28 views

[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems

------------------------------------------------------------------------ Debian Security Advisory DSA-1645-1 [email protected] http://www.debian.org/security/ Steve Kemp October 06, 2008 http://www.debian.org/security/faq -...

7.5CVSS6.9AI score0.04345EPSS
Exploits2
securityvulns
securityvulns
added 2008/10/06 12:0 a.m.68 views

[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1645-1 [email protected] http://www.debian.org/security/ Steve Kemp October 06, 2008 http://www.debian.org/security/faq -...

7.8CVSS0.04345EPSS
Exploits2
OSV
OSV
added 2008/10/06 12:0 a.m.36 views

DSA-1645-1 lighttpd - various problems

Bulletin has no description...

7.5CVSS7.4AI score0.04345EPSS
Exploits2
OSV
OSV
added 2008/10/03 5:41 p.m.4 views

DEBIAN-CVE-2008-4360

moduserdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a...

7.5CVSS7AI score0.04345EPSS
Exploits1References1
OSV
OSV
added 2008/10/03 5:41 p.m.8 views

CVE-2008-4360

moduserdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a...

6.5AI score
Exploits0References30
UbuntuCve
UbuntuCve
added 2008/10/03 5:41 p.m.28 views

CVE-2008-4360

moduserdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a...

7.5CVSS5.9AI score0.04345EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2008/09/29 12:0 a.m.32 views

FreeBSD : lighttpd -- multiple vulnerabilities (fb911e31-8ceb-11dd-bb29-000c6e274733)

Lighttpd seurity announcement : lighttpd 1.4.19, and possibly other versions before 1.5.0, does not decode the url before matching against rewrite and redirect patterns, which allows attackers to bypass rewrites rules. this can be a security problem in certain configurations if these rules are us...

7.5CVSS7.3AI score0.04345EPSS
Exploits2References7
FreeBSD
FreeBSD
added 2008/09/26 12:0 a.m.29 views

lighttpd -- multiple vulnerabilities

Lighttpd seurity annoucement: lighttpd 1.4.19, and possibly other versions before 1.5.0, does not decode the url before matching against rewrite and redirect patterns, which allows attackers to bypass rewrites rules. this can be a security problem in certain configurations if these rules are used...

6.4AI score
Exploits0References3
seebug.org
seebug.org
added 2008/03/07 12:0 a.m.77 views

Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory Traversal Vulnerability

No description provided by source. ------------------------------------------------------------------------------------ Digital Security Research Group DSecRG Advisory DSECRG-08-018...

7.1AI score
Exploits0
RubySec
RubySec
added 2008/03/04 12:0 a.m.5 views

Directory traversal vulnerability in WEBrick

Directory traversal vulnerability in WEBrick when running on systems that support backslash path separators or case-insensitive file names, allows remote attackers to access arbitrary files via 1 "..%5c" encoded backslash sequences or 2 filenames that match patterns in the :NondisclosureName opti...

5CVSS5.6AI score0.18163EPSS
Exploits1References1Affected Software1
Atlassian
Atlassian
added 2008/02/07 6:4 a.m.17 views

Trusted authentication doesn't work for Confluence users with uppercase usernames

Trying to use the trusted authentication feature of the Jiraissues macro doesn't work when a user's username is uppercase. JIRA shows the following in its log: quote 2008-01-23 13:59:48,104 INFO STDOUT 2008-01-23 13:59:48,104 ajp-0.0.0.0-6103-8 WARN atlassian.seraph.filter.TrustedApplicationsFilt...

2.7AI score
Exploits0Affected Software1
Debian CVE
Debian CVE
added 2006/08/14 8:0 p.m.41 views

CVE-2006-4110

Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase or alternate case characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems...

4.3CVSS6.5AI score0.37365EPSS
Exploits1
Prion
Prion
added 2006/03/12 9:2 p.m.17 views

Design/Logic Flaw

Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary...

3.7CVSS7.7AI score0.00312EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2006/03/12 9:2 p.m.17 views

CVE-2006-1166

Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary...

3.7CVSS7.2AI score0.00312EPSS
Exploits0References5
Cvelist
Cvelist
added 2006/03/12 9:0 p.m.22 views

CVE-2006-1166

Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary...

7.2AI score0.00312EPSS
Exploits0References5
NVD
NVD
added 2006/02/18 2:2 a.m.10 views

CVE-2006-0760

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP...

2.6CVSS6.5AI score0.02236EPSS
Exploits0References6
Prion
Prion
added 2006/02/18 2:2 a.m.15 views

Design/Logic Flaw

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP...

2.6CVSS7AI score0.02236EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder