
5294 matches found

ATTACKERKB
added 2018/06/19 7:29 p.m., 1 view

CVE-2018-8727

Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver...

7.5 CVSS, 5.5 AI score, 0.078 EPSS
Exploits: 5, References: 3
CVE
added 2018/06/19 7:0 p.m., 86 views

CVE-2018-8727

CVE-2018-8727 affects Mirasys DVMS Workstation ≤ 5.12.6. The vulnerability is a path traversal/local file inclusion in the Gateway’s Web Client webserver, allowing an attacker to traverse the file system and access sensitive files. Impact and details are confirmed by multiple connected sources (L...

7.5 CVSS, 7.5 AI score, 0.078 EPSS
Exploits: 5, References: 1, Affected Software: 1
exploitpack
added 2018/06/08 12:0 a.m., 16 views

WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access

There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::MissingRequiredFrameVp9 contains the following code:...

0.6 AI score
Exploits: 0
OSV
added 2018/06/07 2:29 a.m., 2 views

CVE-2017-16150

wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 2
NVD
added 2018/06/07 2:29 a.m., 15 views

CVE-2017-16150

wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

7.5 CVSS, 7.5 AI score, 0.02005 EPSS
Exploits: 1, References: 2
NVD
added 2018/06/07 2:29 a.m., 13 views

CVE-2017-16085

tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...

7.5 CVSS, 7.5 AI score, 0.02005 EPSS
Exploits: 1, References: 2
Prion
added 2018/06/07 2:29 a.m., 10 views

Directory traversal

wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

5 CVSS, 7.4 AI score, 0.02005 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2018/06/07 2:0 a.m., 14 views

CVE-2017-16085

tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...

7.5 AI score, 0.02005 EPSS
Exploits: 1, References: 2
CVE
added 2018/06/07 2:0 a.m., 52 views

CVE-2017-16150

CVE-2017-16150 affects the simple webserver package wangguojing123, which exposes a directory traversal vulnerability. An attacker can place ../ in the URL to access files outside the intended root, potentially exposing private filesystem data. The connected advisories (GHSA-XPQW-FQPW-35FC and OS...

7.5 CVSS, 7.4 AI score, 0.02005 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2018/06/07 2:0 a.m., 17 views

CVE-2017-16150

wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

7.5 AI score, 0.02005 EPSS
Exploits: 1, References: 2
CVE
added 2018/06/07 2:0 a.m., 51 views

CVE-2017-16085

CVE-2017-16085 affects the tinyserver2 static-file webserver. The vulnerability is a directory traversal flaw exposed by requests that use path components like "../../" in the URL, allowing an attacker to access files outside the intended document root. Impact is partial confidentiality (filesyst...

7.5 CVSS, 7.4 AI score, 0.02005 EPSS
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2018/06/04 7:29 p.m., 18 views

CVE-2017-16025

Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to cookie. Submitting an invalid cookie on the websocket...

5.9 CVSS, 5.8 AI score, 0.01901 EPSS
Exploits: 0, References: 3
OSV
added 2018/06/04 7:29 p.m., 15 views

CVE-2017-16025

Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to cookie. Submitting an invalid cookie on the websocket...

5.9 CVSS, 6.1 AI score
Exploits: 0, References: 3
NVD
added 2018/05/24 8:29 p.m., 21 views

CVE-2018-7526

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator URL on the webserver, a malicious user may be able to access information in the application without authenticating...

7.5 CVSS, 7.8 AI score, 0.01277 EPSS
Exploits: 0, References: 1
Cvelist
added 2018/05/24 8:0 p.m., 19 views

CVE-2018-7526

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator URL on the webserver, a malicious user may be able to access information in the application without authenticating...

7.3 AI score, 0.01277 EPSS
Exploits: 0, References: 1
Prion
added 2018/05/22 3:29 p.m., 13 views

Code injection

An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...

6 CVSS, 7.5 AI score, 0.0213 EPSS
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2018/05/22 3:29 p.m., 11 views

CVE-2018-11322

An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...

7.5 CVSS, 8 AI score, 0.0213 EPSS
Exploits: 0, References: 3
OSV
added 2018/05/22 3:29 p.m., 15 views

CVE-2018-11322

An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...

7.5 CVSS, 7.8 AI score
Exploits: 0, References: 3
Cvelist
added 2018/05/22 3:0 p.m., 17 views

CVE-2018-11322

An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...

7.8 AI score, 0.0213 EPSS
Exploits: 0, References: 3
CVE
added 2018/05/22 3:0 p.m., 121 views

CVE-2018-11322

CVE-2018-11322 relates to Joomla! Core up to version 3.8.7 where PHAR files can be treated by the webserver as executable PHP scripts depending on server configuration. Connected sources confirm Joomla! 3.x line variants (up to 3.8.7) are affected by multiple vulnerabilities, including issues aro...

7.5 CVSS, 7.6 AI score, 0.0213 EPSS
Exploits: 0, References: 3, Affected Software: 1