115 matches found
CVE-2016-1231
Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...
CVE-2016-1231
Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...
Directory traversal
Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...
CVE-2016-1231
Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...
CVE-2016-1231
Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...
CVE-2016-1231
Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...
[SECURITY] [DSA 3439-1] prosody security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3439-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 10, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3439-1 (prosody - security update)
Two vulnerabilities were discovered in Prosody, a lightweight Jabber/XMPP server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-1231 Kim Alvefur discovered a flaw in Prosody OpenVAS Vulnerability Test $Id: deb3439.nasl 6608 2017-07-07 12:05:05Z cfische...
Debian: Security Advisory (DSA-3439-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PYSEC-2015-6
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service memory consumption via a long line in a file...
UBUNTU-CVE-2015-0221
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service memory consumption via a long line in a file...
MGASA-2014-0486 Updated perl-Plack package fixes security vulnerability
Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files CVE-2014-5269...
SA-CONTRIB-2014-074 - Storage API - Code execution prevention
Storage API is a low-level framework for managed file storage and serving. The module creates an .htaccess file in the files directory to prevent code execution, but copied the Drupal core file and wasn't updated to include the improved file contents after SA-CORE-2013-003. This vulnerability is...
FTP File Server
This module provides a FTP service This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FTP File Server', 'Description' = %q This module provides a FTP service , 'Author' = 'hdm', 'License' =...
Apache Httpd < 2.0.44 : Apache can serve unexpected files
On Windows platforms Apache could be forced to serve unexpected files by appending illegal characters such as '' to the request URL...