7 matches found

Github Security Blog
added 2026/06/12 9:53 p.m. | 13 views

File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope

Summary: File Browser enforces per-user scope with afero.NewBasePathFs(afero.NewOsFs(), scope), set up in users/users.go. This blocks lexical ../ traversal, but it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...

CVSS 7.5 | AI score 5.1 | EPSS 0.0046
Exploits 0 | References 4 | Affected Software 2
EUVD
added 2025/10/03 8:07 p.m. | 7 views

EUVD-2022-3416

Malicious code in bioql PyPI...

CVSS 5 | AI score 6.4 | EPSS 0.02118
Exploits 0 | References 9
Packet Storm
added 2025/07/04 12:00 a.m. | 111 views

AndroMouse Server 8.0 Unauthenticated Directory Enumeration

AndroMouse Server version 8.0 exposes an unauthenticated TCP command interface on port 8888. A remote attacker can send crafted commands to enumerate the contents of arbitrary directories on the host file system, without user interaction or authentication. Exploit Title: AndroMouse Server 8.0 –...

AI score 8
Exploits 0
OSV
added 2022/05/13 1:13 a.m. | 24 views

GHSA-9P54-PC88-36C4 Moodle does not properly restrict access to category and course data

The filebrowser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file...

CVSS 5 | AI score 6 | EPSS 0.02118
Exploits 0 | References 9
UbuntuCve
added 2012/07/11 10:26 a.m. | 20 views

CVE-2011-4300

The filebrowser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file...

CVSS 5 | AI score 5.9 | EPSS 0.02118
Exploits 0 | References 1
CVE
added 2012/07/11 10:00 a.m. | 51 views

CVE-2011-4300

The CVE-2011-4300 issue affects Moodle’s file_browser in versions 2.0.0–2.0.4 and 2.1.0–2.1.1. It fails to properly restrict access to category and course data, enabling remote attackers to obtain potentially sensitive information by requesting a file. The documented remediation is to upgrade to ...

CVSS 5 | AI score 6.2 | EPSS 0.02118
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2012/07/11 10:00 a.m. | 21 views

CVE-2011-4300

The filebrowser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file...

AI score 6 | EPSS 0.02118
Exploits 0 | References 3