EUVD-2023-0385

Malicious code in bioql PyPI...

Directory Traversal

www.velocidex.com/golang/velociraptor is vulnerable to Directory Traversal. The vulnerability is due to improper sanitization of the client ID parameter in the CreateCollection API, allows attackers to manipulate the input and exploit the system's file handling, thereby gaining unauthorized acces...

CVE-2023-0290

Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server as a server...

Directory traversal

Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server as a server...

Velocidex Velociraptor 路径遍历漏洞

Velocidex Velociraptor is a tool from Velocidex Australia that collects host-based state information using Velociraptor Query Language VQL queries. A security vulnerability exists in Velocidex Velociraptor that stems from the Rapid7 Velociraptor not properly cleaning up the client ID parameter of...