Lucene search
K

225 matches found

Veracode
Veracode
added 2016/12/29 2:56 a.m.8 views

Directory Traversal

aiohttp is vulnerable to directory traversal attacks. This is because it does not sanitize relative paths correctly...

6.7AI score
Exploits0
CNVD
CNVD
added 2016/09/06 12:0 a.m.4 views

plone file system information disclosure vulnerability

Plone is a free, open source Content Management System CMS. An information disclosure vulnerability exists in the plone file system. An attacker could exploit this vulnerability to read data on a target machine running plone by using relative paths and guessing the location of the Plone server...

4.9CVSS6.2AI score0.0258EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2015/01/18 12:0 a.m.24 views

ha -- Directory traversals

Alexander Cherepanov reports: Version 0.999b and older of ha archiver is susceptible to directory traversal vulnerabilities via absolute and relative paths...

7.5CVSS7.6AI score0.03323EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

YaBB 9.1.2000 Arbitrary File Read Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1668/info YaBB.pl, a web-based bulletin board script, stores board postings in numbered text files. The numbered file name is specified in the call to YaBB.pl in the variable num=file. Before retrieving the file, YaBB wil...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2014/02/20 2:13 p.m.40 views

Google Fixes 28 Security Flaws in Chrome 33

Google Chrome 33 is out, and the new version of the browser includes fixes for 28 security vulnerabilities, including a number of high-severity bugs. The company paid out more than $13,000 in rewards to researchers who reported vulnerabilities that were fixed in this release. One of the...

7.5CVSS0.3AI score0.02057EPSS
Exploits1References10
securityvulns
securityvulns
added 2013/05/04 12:0 a.m.67 views

WowzaMediaServer StorageDir escape (regression)

Product: Wowza Media Server URL: http://www.wowza.com/ Description: WMS is a quite popular RTMP/HLS/HDS/RTSP streaming server Issue: In early 2009 I reported problem with processing of requests with relative paths. The issue surfaced again. In a nutshell, you can escape Applications StorageDir...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2013/04/30 12:0 a.m.30 views

WowzaMediaServer StorageDir Constraint Bypass

Product: Wowza Media Server URL: http://www.wowza.com/ Description: WMS is a quite popular RTMP/HLS/HDS/RTSP streaming server Issue: In early 2009 I reported problem with processing of requests with relative paths. The issue surfaced again. In a nutshell, you can escape Applications StorageDir...

0.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.22 views

Scientific Linux Security Update : elinks on SL4.x, SL5.x i386/x86_64

CVE-2007-2027 elinks tries to load .po files from a non-absolute path CVE-2008-7224 elinks: entitycache static array buffer overflow off-by-one An off-by-one buffer overflow flaw was discovered in the way ELinks handled its internal cache of string representations for HTML special entities. A...

7.8CVSS6.4AI score0.02835EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.15 views

CentOS Update for elinks CESA-2009:1471 centos5 i386

Check for the Version of elinks OpenVAS Vulnerability Test CentOS Update for elinks CESA-2009:1471 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

7.8CVSS0.2AI score0.02835EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2011/01/21 12:0 a.m.11 views

SuSE 10 Security Update : cvs (ZYPP Patch Number 7302)

cvs fails with 'invalid pathname' error when using relative paths. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid51638; scriptversion"1.7...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2009/04/09 12:0 a.m.18 views

Mandriva Update for symlinks MDVA-2008:140 (symlinks)

Check for the Version of symlinks OpenVAS Vulnerability Test Mandriva Update for symlinks MDVA-2008:140 symlinks Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

7.4AI score
Exploits0References2
OpenVAS
OpenVAS
added 2009/04/09 12:0 a.m.10 views

Mandriva Update for symlinks MDVA-2008:140 (symlinks)

Check for the Version of symlinks OpenVAS Vulnerability Test Mandriva Update for symlinks MDVA-2008:140 symlinks Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

7.4AI score
Exploits0References2
NVD
NVD
added 2009/04/08 6:30 p.m.22 views

CVE-2009-1272

The phpzipmakerelativepath function in phpzip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service crash via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction...

5CVSS7.3AI score0.01965EPSS
Exploits0References10
Prion
Prion
added 2009/04/08 6:30 p.m.20 views

Input validation

The phpzipmakerelativepath function in phpzip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service crash via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction...

5CVSS6.8AI score0.01965EPSS
Exploits0References10Affected Software1
Mozilla
Mozilla
added 2008/11/12 12:0 a.m.37 views

-moz-binding property bypasses security checks on codebase principals — Mozilla

Security researcher Collin Jackson reported that the -moz-binding CSS property can be used to bypass security checks which validate codebase principals. Similar to the issue reported in MFSA 2008-23, Jackson demonstrated that an attacker can replace a stylesheet in a signed JAR which uses relativ...

7.5CVSS1.8AI score0.03261EPSS
Exploits0References3Affected Software2
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.33 views

Debian Security Advisory DSA 534-1 (mailreader)

The remote host is missing an update to mailreader announced via advisory DSA 534-1. OpenVAS Vulnerability Test $Id: deb5341.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 534-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

5CVSS0.0764EPSS
Exploits1
securityvulns
securityvulns
added 2003/10/30 12:0 a.m.31 views

kpopup multiple bugs

relative paths on system call, format string bugs, etc...

1.2AI score
Exploits0References1Affected Software1
CVE
CVE
added 2002/03/09 5:0 a.m.70 views

CVE-2001-0507

CVE-2001-0507 describes a privilege-elevation flaw in IIS 5.0 where local users can gain privileges by abusing relative path resolution to system files used to run in-process Trojan horse files. OpenVAS/NVD entries corroborate an IIS remote/content-exploitation lineage around early MS01-044 era; ...

7.2CVSS6.4AI score0.08846EPSS
Exploits0References7Affected Software1
securityvulns
securityvulns
added 2002/02/08 12:0 a.m.28 views

AtheOS: escaping from a chroot jail

------- AtheOS ------- AtheOS is a free desktop operating system under the GPL license. AtheOS currently run on Intel, AMD and other compatible processors and support the Intel Multi Processor architecture. AtheOS home page is : http://www.atheos.cx ------- Vulnerability ------- A chroot call is...

7AI score
Exploits0
securityvulns
securityvulns
added 2002/01/23 12:0 a.m.41 views

Обратный путь в директориях Comprehensive Web Programming API (directory traversal)

Метод GetRelativePath не проверяет относительные пути...

2.1AI score
Exploits0References1Affected Software1
Rows per page
Query Builder