Lucene search
+L

115 matches found

nvd
nvd
added 2016/01/12 8:59 p.m.16 views

CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...

5.9CVSS6.5AI score0.02867EPSS
Exploits0References7
osv
osv
added 2016/01/12 8:59 p.m.7 views

CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...

5.9CVSS7.4AI score
Exploits0References7
prion
prion
added 2016/01/12 8:59 p.m.21 views

Directory traversal

Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...

4.3CVSS7AI score0.02867EPSS
Exploits0References7Affected Software3
ubuntucve
ubuntucve
added 2016/01/12 8:59 p.m.27 views

CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...

5.9CVSS7AI score0.02867EPSS
Exploits0References2
debiancve
debiancve
added 2016/01/12 8:0 p.m.40 views

CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...

5.9CVSS6.4AI score0.02867EPSS
Exploits0
cvelist
cvelist
added 2016/01/12 8:0 p.m.30 views

CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...

6.4AI score0.02867EPSS
Exploits0References7
debian
debian
added 2016/01/10 10:7 a.m.51 views

[SECURITY] [DSA 3439-1] prosody security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3439-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 10, 2016 https://www.debian.org/security/faq -...

7.5CVSS7.5AI score0.02867EPSS
Exploits0
openvas
openvas
added 2016/01/10 12:0 a.m.32 views

Debian Security Advisory DSA 3439-1 (prosody - security update)

Two vulnerabilities were discovered in Prosody, a lightweight Jabber/XMPP server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-1231 Kim Alvefur discovered a flaw in Prosody OpenVAS Vulnerability Test $Id: deb3439.nasl 6608 2017-07-07 12:05:05Z cfische...

5CVSS0.02867EPSS
Exploits0References1
openvas
openvas
added 2016/01/09 12:0 a.m.31 views

Debian: Security Advisory (DSA-3439-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.3AI score0.02867EPSS
Exploits0References3
pypa
pypa
added 2015/01/16 4:59 p.m.6 views

PYSEC-2015-6

The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service memory consumption via a long line in a file...

5CVSS6.8AI score0.04334EPSS
Exploits1References14Affected Software1
osv
osv
added 2015/01/13 12:0 a.m.2 views

UBUNTU-CVE-2015-0221

The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service memory consumption via a long line in a file...

5CVSS5.8AI score0.04334EPSS
Exploits1References4
osv
osv
added 2014/11/26 10:14 a.m.9 views

MGASA-2014-0486 Updated perl-Plack package fixes security vulnerability

Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files CVE-2014-5269...

5CVSS6.2AI score0.02455EPSS
Exploits0References3
drupal
drupal
added 2014/07/30 12:0 a.m.25 views

SA-CONTRIB-2014-074 - Storage API - Code execution prevention

Storage API is a low-level framework for managed file storage and serving. The module creates an .htaccess file in the files directory to prevent code execution, but copied the Drupal core file and wasn't updated to include the improved file contents after SA-CORE-2013-003. This vulnerability is...

9.8CVSS9.5AI score0.0402EPSS
Exploits0References11
metasploit
metasploit
added 2009/07/22 7:10 p.m.47 views

FTP File Server

This module provides a FTP service This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FTP File Server', 'Description' = %q This module provides a FTP service , 'Author' = 'hdm', 'License' =...

7AI score
Exploits0
httpd
httpd
added 2002/11/15 12:0 a.m.53 views

Apache Httpd < 2.0.44 : Apache can serve unexpected files

On Windows platforms Apache could be forced to serve unexpected files by appending illegal characters such as '' to the request URL...

5CVSS2.4AI score0.05581EPSS
Exploits0Affected Software1
Rows per page
Query Builder