Apache Solr Inter-Node Communication Vulnerability (SOLR-10031) - Linux

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readabl...

CVE-2017-3163

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

CVE-2017-3163

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

CVE-2017-3163

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

Path traversal

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

CVE-2017-3163

CVE-2017-3163 affects Apache Solr when using the Index Replication feature. The vulnerability arises because Solr did not validate the file name in the HTTP API used to pull index files from a master/leader, enabling path traversal and exposing files readable by the Solr server process. Affected ...

CVE-2017-3163

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

CVE-2017-3163

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

Debian DLA-1046-1 : lucene-solr security update

lucene-solr handler supports an HTTP API /replication?command=filecontent&file= which is vulnerable to path traversal attack. Specifically, this API does not perform any validation of the user specified filename parameter. This can allow an attacker to download any file readable to Solr server...

[SECURITY] [DLA 1046-1] lucene-solr security update

Package : lucene-solr Version : 3.6.0+dfsg-1+deb7u2 CVE ID : CVE-2017-3163 Debian Bug : 867712 lucene-solr handler supports an HTTP API /replication?command=filecontent&file=filename which is vulnerable to path traversal attack. Specifically, this API does not perform any validation of the user...

puppet-naivesigning NSE Script

Detects if naive signing is enabled on a Puppet server. This enables attackers to create any Certificate Signing Request and have it signed, allowing them to impersonate as a puppet agent. This can leak the configuration of the agents as well as any other sensitive information found in the...

CVE-2015-3297

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests...

Directory traversal

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests...

CVE-2015-3297

Etherpad exposes a directory traversal flaw in Minify.js (node/utils/Minify.js) affecting Etherpad versions 1.1.1–1.5.2. The root cause is unsafely constructed path handling where backslashes are replaced with slashes in the path parameter of HTTP API requests, enabling read access to arbitrary f...

CVE-2015-3297

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests...

Directory Traversal

Apache Solr is vulnerable to directory traversal attacks. The vulnerability exists because a replication handler provided by Apache Solr supports an HTTP API which does not validate the user supplied filename parameter. Therefore, attackers can pull index files from a master/leader node using thi...

Apache CouchDB 2.0.0 - Local Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx Vendor: ================== couchdb.apache.org Product: ============== CouchDB v2.0.0 Apache CouchDB is open source database software that focuses on ease of use and having an architecture. It has a...

Toxy - Hackable Http Proxy To Simulate Server Failure Scenarios And Network Conditions

Toxy is a fully programmatic and hackable HTTP proxy to simulate server failure scenarios and unexpected network conditions , built for node.js / io.js . It was mainly designed for fuzzing/evil testing purposes, when toxy becomes particularly useful to cover fault tolerance and resiliency...

VMware NSX Detection (HTTP-API)

HTTP-API based detection of VMware NSX. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute ...

Two Instagram Android App Security Vulnerabilities

Affected app: Instagram for Android Affected versions: 4.0.2 and 4.1.2, probably also earlier versions as well as iOS affected. Summary After the Instagram iOS vulnerability discovered last year 1, the app's HTTP API has been extended with a cryptographic authentication for changes like "likes" a...