Lucene search
+L

4 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-265 NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)

Summary The Binary Stream Capture BSC component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path‑related form fields, a remote client can: - Bypass the configured log root and direct BSC to log to arbitrary filesystem...

9.1CVSS6.1AI score0.00163EPSS
Exploits0References7
OSV
OSV
added 2026/06/05 6:11 p.m.15 views

GHSA-P462-PRXW-MJX4 NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)

Summary The Binary Stream Capture BSC component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path‑related form fields, a remote client can: - Bypass the configured log root and direct BSC to log to arbitrary filesystem...

9.1CVSS6AI score0.00163EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/05 6:11 p.m.18 views

NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)

Summary The Binary Stream Capture BSC component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path‑related form fields, a remote client can: - Bypass the configured log root and direct BSC to log to arbitrary filesystem...

6AI score0.00163EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-47089

Name of the Vulnerable Software and Affected Versions AIT-Core versions prior to 3.1.1 AIT-Core versions 2.x prior to 2.6.1 Description The Binary Stream Capture BSC component features an unauthenticated HTTP API for creating packet capture handlers. The system blindly trusts path-related form...

9.1CVSS6AI score0.00163EPSS
Exploits0References9
Rows per page
Query Builder