
14 matches found

Cvelist
added 2024/11/22 3:37 p.m., 24 views

CVE-2024-52793 XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems

The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...

5.1 CVSS, 0.00191 EPSS
Exploits 0, References 3
Vulnrichment
added 2024/11/22 3:37 p.m., 21 views

CVE-2024-52793 XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems

The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...

5.1 CVSS, 6.2 AI score, 0.00191 EPSS
Exploits 0, References 3
Packet Storm
added 2024/08/31 12:0 a.m., 177 views

HP Web JetAdmin 6.5 Server Arbitrary Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Web JetAdmin 6.5 Server Arbitrary Command Execution', 'Description' = %q This module abuses a command execution vulnerability within the web...

7.4 AI score
Exploits 0
RedhatCVE
added 2023/05/30 4:40 a.m., 103 views

CVE-2023-30571

A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can...

5.3 CVSS, 6.7 AI score, 0.00015 EPSS
Exploits 0, References 4
Tenable Nessus
added 2021/11/12 12:0 a.m., 35 views

Debian DSA-5008-1 : node-tar - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5008 advisory. It was discovered that the symlink extraction protections in node-tar, a Tar archives module for Node.js could be bypassed; allowing a malicious Tar archive to...

8.6 CVSS, 7.3 AI score, 0.00098 EPSS
Exploits 0, References 7
Github Security Blog
added 2021/08/31 4:5 p.m., 39 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.6 CVSS, 7.3 AI score, 0.00098 EPSS
Exploits 0, References 8, Affected Software 1
AlpineLinux
added 2021/08/31 12:0 a.m., 119 views

CVE-2021-37701

The npm package "tar" aka node-tar before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieve...

8.6 CVSS, 7.8 AI score, 0.00098 EPSS
Exploits 0
CNNVD
added 2021/01/11 12:0 a.m., 5 views

Duplicate numbering

Freyrscada IEC-60879-5-104 Server Simulator is a software from Freyrscada India for simulating communication between IEDs and RTUs over TCP. The software is written in C for all POSIX compliant operating systems and supports single server simulation with multiple workstations. "Obsolete" Do not u...

7.5 CVSS, 6.5 AI score, 0.00161 EPSS
Exploits 1, References 1
n0where
added 2014/11/15 4:23 p.m., 59 views

Host Based Intrusion Detection System: Samhain

The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. samhain is a file and host integrity and intrusion alert system...

0.1 AI score
Exploits 0
Kitploit
added 2012/12/29 7:20 p.m., 29 views

[SAMHAIN 3.0.9] File Integrity Checker / Host-Based Intrusion Detection System

The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain has been designed to monitor multiple hosts with potentially...

7.2 AI score
Exploits 0
Packet Storm
added 2011/03/07 12:0 a.m., 25 views

Weborf 0.12.4 Denial Of Service

Discussion - DcLabs Security Research Group advises about the following vulnerabilities: Software - Weborf-0.12.4 Denial-of-Service Vendor Product Description - Weborf is a lightweight webserver designed to rapidly share directories. Runs on POSIX systems. - Source:...

7.4 AI score
Exploits 0
securityvulns
added 2007/04/11 12:0 a.m., 44 views

Pulseaudio 0.9.5 (rev 1437) termination

Luigi Auriemma Application: PulseAudio http://www.pulseaudio.org Versions: 0.9.5 svn 1437 Platforms: POSIX and Win32 Bugs: termination of the server through failed assert Exploitation: local and remote Date: 29 Mar 2007 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1...

0.5 AI score
Exploits 0
securityvulns
added 2003/10/27 12:0 a.m., 28 views

[UNIX] Wu-FTPd SKEY Stack Overflow Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.1 AI score
Exploits 0
securityvulns
added 2002/02/13 12:0 a.m., 22 views

RUS-CERT Advisory 2002-02:01: Temporary file handling in GNAT

RUS-CERT Advisory 2002-02:01: Temporary file handling in GNAT The run-time library of the GNU Ada compiler GNAT handles temporary files in an unsafe manner. Systems Affected All POSIX multi-user systems running GNAT-compiled binaries which use Ada language facilities for creating temporary files...

7.2 AI score
Exploits 0