544 matches found
CVE-2022-3438 Open Redirect in ikus060/rdiffweb
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...
Information Disclosure
rdiffweb is vulnerable to Information Disclosure. The vulnerability is due to the absence of a rate limit on the password change feature, which allows an attacker to brute-force the existing password and set a new password...
Path Traversal
rdiffweb is vulnerable to path traversal. The vulnerability exists in dispatch.py due to improper access restrictions, which allow an attacker to traverse the file system and access files or directories that are outside of the restricted directory on the remote server...
GHSA-HRRM-895H-XH34 rdiffweb Path Traversal vulnerability
rdiffweb prior to 2.4.10 is vulnerable to Path Traversal. Version 2.4.10 contains a patch...
GHSA-7WR6-FJ4X-893V rdiffweb allows a new password to be the same as the previous password
rdiffweb prior to 2.5.0a4 allows users to set their new password to be the same as the old password during a password reset. Version 2.5.0a4 enforces a password policy in which a new password cannot be the same as the old one...
rdiffweb Path Traversal vulnerability
rdiffweb prior to 2.4.10 is vulnerable to Path Traversal. Version 2.4.10 contains a patch...
rdiffweb allows a new password to be the same as the previous password
rdiffweb prior to 2.5.0a4 allows users to set their new password to be the same as the old password during a password reset. Version 2.5.0a4 enforces a password policy in which a new password cannot be the same as the old one...
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
rdiffweb prior to 2.5.0a4 does not have a rate limit to prevent attackers attempting brute force attacks to guess passwords. Version 2.5.0a4 limits the number of incorrect password attempts...
GHSA-9G3V-V24Q-JJ5P rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
rdiffweb prior to 2.5.0a4 does not have a rate limit to prevent attackers attempting brute force attacks to guess passwords. Version 2.5.0a4 limits the number of incorrect password attempts...
CVE-2022-3389
Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10...
CVE-2022-3376
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...
CVE-2022-3273
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...
PYSEC-2022-43157
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...
PYSEC-2022-302
Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10...
PYSEC-2022-43156
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...
Path traversal
Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10...