8 matches found
GHSA-4C3C-R6P8-C863 Flawfinder output manipulation via untrusted filenames and source text
Impact This vulnerability is an improper input neutralization issue leading to output manipulation, specifically, Terminal/ANSI Escape Sequence Injection and XML Injection: Terminal Output Spoofing: A malicious file whose name contains ANSI escape sequences can end up being included in flawfinder...
GHSA-5RQ4-664W-9X2C Basic FTP has Path Traversal Vulnerability in its downloadToDir() method
The basic-ftp library contains a path traversal vulnerability in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the intended download directory. Source-to-Sink Flow 1. SOURC...
Linux Distros Unpatched Vulnerability : CVE-2021-21289
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command...
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
[SA12375] GNU a2ps Command Injection Vulnerability
TITLE: GNU a2ps Command Injection Vulnerability SECUNIA ADVISORY ID: SA12375 VERIFY ADVISORY: http://secunia.com/advisories/12375/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: GNU a2ps 4.x http://secunia.com/product/3837/ DESCRIPTION: Rudolf Polzer has...