180 matches found
Directory traversal
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This...
CVE-2018-1000550
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This...
CVE-2017-16213
mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16215
sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16196
quickserver is a simple static file server. quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16183
iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16123
welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
Directory traversal
jnjjserver is a static file server. jnjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16182
serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16197
qinserve is a static file server. qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
Root Path Disclosure in send
Versions of send prior to 0.11.2 are affected by an information leakage vulnerability which may allow an attacker to enumerate paths on the server filesystem. Recommendation Update to version 0.11.1 or later...
Opentext Documentum Content Server File Hijack / Privilege Escalation
!/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server does not properly validate input of PUTFILE RPC-command which allows any authenticated user to hijack arbitrary file from Content Server filesystem, because some files on Content Server...
[ MDVSA-2015:051 ] sympa
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:051 http://www.mandriva.com/en/support/security/ Package : sympa Date : March 3, 2015 Affected: Business Server 1.0 Problem Description: Updated sympa packages fix security vulnerability: A vulnerability hav...
Updated sympa packages fix CVE-2015-1306
Updated sympa packages fix security vulnerability: A vulnerability have been discovered in Sympa web interface that allows access to files on the server filesystem. This breach allows to send to a list or a user any file readable by the Sympa user, located on the server filesystem, using the Symp...
[SECURITY] [DLA 148-1] sympa security update
Package : sympa Version : 6.0.1+dfsg-4+squeeze3 CVE ID : CVE-2015-1306 A vulnerability has been discovered in the web interface of sympa, a mailing list manager. An attacker could take advantage of this flaw in the newsletter posting area, which allows sending to a list, or to oneself, any file...
Debian DSA-3134-1 : sympa - security update
A vulnerability has been discovered in the web interface of sympa, a mailing list manager. An attacker could take advantage of this flaw in the newsletter posting area, which allows sending to a list, or to oneself, any file located on the server filesystem and readable by the sympa user...
DSA-3134-1 sympa - security update
Bulletin has no description...
Cobalt RaQ 2.0/3.0/4.0 XTR MultiFileUpload.php Authentication Bypass Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/4252/info Cobalt RaQ is a server appliance for Internet-based services. It is distributed and maintained by Sun Microsystems. The 'MultiFileUpload.php' script is not sufficiently protected from outside access. While other...
vTiger CRM 5.4.06.0 RC6.0.0 GA - browse.php Local File Inclusion
vTiger CRM 5.4.06.0 RC6.0.0 GA - browse.php Local File Inclusion CVE: CVE-2014-1222 Vendor: Vtiger Product: CRM Affected version: Vtiger 5.4.0, 6.0 RC & 6.0.0 GA Fixed version: Vtiger 6.0.0 Security patch 1 Reported by: Jerzy Kramarz Details: A local file inclusion vulnerability was discovered in...
Platinum FTP server Multiple Vulnerabilities
Binary data 1825.prm...