
10 matches found

ATTACKERKB
added 2023/08/07 5:15 a.m. | 10 views

CVE-2023-39903

An issue was discovered in Fujitsu Software Infrastructure Manager ISM before 2.8.0.061. The ismsnap component in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log allows insecure collection and storage of authorization credentials in cleartext...

CVSS 7.5 | AI score 6.4 | EPSS 0.00058
Exploits: 0 | References: 3
Japan Vulnerability Notes
added 2023/08/04 8:31 a.m. | 2 views

Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext

Overview: Fujitsu Software Infrastructure Manager ISM V2.8.0.060, provided by Fujitsu Limited, stores the password for the proxy server in cleartext form to the product's maintenance data ismsnap (CWE-312) under the following conditions. Using a proxy server that requires authentication in the...

CVSS 7.5 | AI score 6.8 | EPSS 0.00058
Exploits: 0 | References: 5
OSV
added 2022/05/14 1:52 a.m. | 12 views

GHSA-QG5V-JW6F-RPFJ SabreDAV Directory Traversal vulnerability

The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ backslash character...

CVSS 5 | AI score 6.2 | EPSS 0.0023
Exploits: 0 | References: 6
GithubExploit
added 2021/01/27 8:57 p.m. | 53 views

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 Ansible role patches CVE-2021-3156 for Cent...

CVSS 7.8 | AI score 7.8 | EPSS 0.92579
Exploits: 81
Node.js
added 2021/01/06 7:45 p.m. | 45 views

Hostname spoofing via backslashes in URL

Overview: URI.js is a JavaScript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (\) character followed by an at (@) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library...

CVSS 4 | AI score 1.3 | EPSS 0.00581
Exploits: 0 | Affected Software: 1
Veracode
added 2020/12/31 7:32 a.m. | 19 views

Hostname Spoofing

urijs is vulnerable to hostname spoofing. The hostname can be spoofed by using a backslash \ character followed by an @ character, which could potentially allow an attacker to bypass authorization if the hostname is used in security decisions...

CVSS 6.5 | AI score 2.9 | EPSS 0.00581
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2017/10/24 6:33 p.m. | 23 views

GHSA-H56M-VWXC-3QPW Directory traversal vulnerability in actionpack

Directory traversal vulnerability in actionpack/lib/actiondispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when servestaticassets is enabled, allows remote attackers to determine the existence o...

CVSS 5 | AI score 7.4 | EPSS 0.00265
Exploits: 1 | References: 8
RedHat Linux
added 2011/03/31 3:15 p.m. | 0 views

logrotate: DoS due improper escaping of file names within 'write state' action

The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis ...

CVSS 1.9 | AI score 5.8 | EPSS 0.00098
Exploits: 1 | References: 4
securityvulns
added 2008/10/24 12:0 a.m. | 6430 views

Smarty 2.6.20 php injection

On 2008-10-22, Secunia.com found a vulnerability in the expandquotedtext function; full text: http://secunia.com/Advisories/32329/. The developers tried to fix the vulnerability, as can be seen from their code http://smarty-php.googlecode.com/svn/trunk/libs/SmartyCompiler.class.php, by escaping the symbol...

AI score 7.1
Exploits: 0
UbuntuCve
added 2005/06/02 4:0 a.m. | 21 views

CVE-2005-1824

The sqlescapestring function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" backslash character, which is used as an escape character and makes the module vulnerable to SQL injection attacks...

CVSS 7.5 | AI score 5.9 | EPSS 0.01021
Exploits: 0 | References: 1