2 matches found
PT-2022-15040 · Unknown +2 · Onionshare +2
Name of the Vulnerable Software and Affected Versions: OnionShare versions 2.4 Description: The receive mode in OnionShare limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered by a simple script. An adversary with access to the receive mo...
httpd: <FilesMatch> bypass with a trailing newline in the file name
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...