232 matches found
Directory Traversal
shit-server is vulnerable to directory traversal attacks. This is possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...
Directory Traversal
tmock is vulnerable to directory traversal attacks. This attack is possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...
Directory Traversal
mockserve is vulnerable to directory traversal attacks. It is possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...
Directory Traversal
hftp is vulnerable to directory traversal attacks. These attacks are possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...
CVE-2017-1279
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 124757...
Design/Logic Flaw
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 131288...
CVE-2017-1577
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 132117...
CVE-2017-14001
An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL...
Directory Traversal
koa-static-cache is vulnerable to directory traversal attacks. The library does not check the path of the URL request, allowing attackers to use %2E%2E/ in its URL request to access any files from the server. This attack can only be executed if the application is in dynamic mode...
CVE-2016-9976
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252...
Path Traversal
list-n-stream is vulnerable to path traversal attacks. The vulnerability is possible because it fails to sanitize the URL request and prevent access to sensitive files and data on the server. Attackers can leak passwords if they request the /api/v1/fs/..%2f..%2fetc/passwd URL...
Double free
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of...
Design/Logic Flaw
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences /../ to view arbitrary files on the system...
CVE-2016-10138
An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...
CVE-2016-5162
The CVE-2016-5162 entry describes a Chrome vulnerability in the AllowCrossRendererResourceLoad function (extensions/browser/url_request_util.cc) where the web_accessible_resources manifest field was not correctly restricting IFRAME usage. Affects Google Chrome prior to 53.0.2785.89 (Windows/OS X)...
GeoVision (GeoHttpServer) Webcams - Remote File Disclosure
!/usr/bin/python import os import sys import socket import binascii ''' Title : GeoVision GeoHttpServer WebCams Remote File Disclosure Exploit CVE-ID : none Product : GeoVision System : GeoHttpServer Affected : 8.3.3.0 may be more Impact : Critical Remote : Yes Website link:...
Information disclosure
The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document...
The vulnerability of Google Chrome browser allows a malicious intruder to gain access to protected information.
The vulnerability in Google Chrome’s URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc is that the ws scheme is not replaced with wss when the HSTS policy, a mechanism for enforcing HTTPS use, is applied. As a result, attackers who monitor traffic can gain access to protected...
Google Chrome 'URLRequest::GetHSTSRedirect' Information Disclosure Vulnerability
Google Chrome is a web browsing tool developed by Google. A security vulnerability exists in the 'URLRequest::GetHSTSRedirect' function in the urlrequest/urlrequest.cc file in versions of Google Chrome prior to 42.0.2311.90, which stems from a program that failed to replace the ws scheme with the...