8 matches found
EUVD-2009-3542
Malware in sbrugna...
CVE-2021-23434
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...
CVE-2021-23434
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...
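Xerver administration interface currentPath parameter cross-site scripting and directory traversal vulnerabilities
BUGTRAQ ID: 36457 CVE ID: CVE-2009-3562, CVE-2009-3561 Xerver is a free server that includes both Web and FTP services. When action is set to chooseDirectory, the administration interface of the Xerver HTTP server, which runs on port 32123, returns the user-submitted currentPath parameter to the user without properly validating it; a remote attacker can carry out cross-site scripting or directory traversal attacks by submitting requests with malicious parameters. Xerver 4.32 Vendor patch: Xerver ------ The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page to obtain the latest version:...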
Directory traversal
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action...
CVE-2009-3562
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter...