17 matches found
Gurock TestRail Application files.md5 Exposure
Improper access control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths which can then...
CVE-2026-4542
A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has...
MiracleLinux 8 : squashfs-tools-4.3-21.el8 (AXSA:2024-8222:02)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8222:02 advisory. squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153); squashfs-tools: possible Directory Traversal via symbolic...
MiracleLinux 9 : squashfs-tools-4.4-10.git1.el9 (AXSA:2024-7853:01)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7853:01 advisory. squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153); squashfs-tools: possible Directory Traversal via symbolic...
squashfs-tools security update
An update is available for squashfs-tools. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. SquashFS is a highly compressed read-only file system for Linux. These...
RockyLinux 9 : squashfs-tools (RLSA-2024:2396)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2396 advisory. squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153); squashfs-tools: possible Directory Traversal via symbolic link...
Rocky Linux 8 : squashfs-tools (RLSA-2024:3139)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3139 advisory. squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153); squashfs-tools: possible Directory Traversal via symbolic link...
Oracle Linux 8 : squashfs-tools (ELSA-2024-3139)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3139 advisory. 4.3-21 - CVE-2021-41072 squashfs-tools: additional write outside destination directory exploit fix; CVE-2021-40153 squashfs-tools: unvalidated filepaths...
squashfs-tools security update
4.3-21 - CVE-2021-41072 squashfs-tools: additional write outside destination directory exploit fix; CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination; Resolves: rhbz2007303 rhbz2000637...
RHEL 8 : squashfs-tools (RHSA-2024:3139)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3139 advisory. SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems...
Moderate: Red Hat Security Advisory: squashfs-tools security update
An update for squashfs-tools is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 9 : squashfs-tools (RHSA-2024:2396)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2396 advisory. SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems...
Filepaths contain Dangerous characters (Windows)
This Tenable product detected files or paths on the scanned Windows system which contain characters with command injection or privilege escalation potential. Although characters such as single quote, ampersand, and semicolon are perfectly valid Windows filepath characters, use of them may lead to...
Filepaths contain Dangerous characters (Linux)
This Tenable product detected files or paths on the scanned Unix-like system which contain characters with command injection or privilege escalation potential. Although almost any character is valid for an entry in this kind of filesystem, such as semicolons, use of some of them may lead to...
Directory Traversal
smarty is vulnerable to a directory traversal attack. The library does not properly sanitize filepaths in the templates, allowing a malicious user to traverse the directory by executing the code on the templates...
Directory Traversal
github.com/kubernetes/kubernetes is vulnerable to directory traversals. The library does not properly validate filepaths when copying files to a pod, allowing a malicious user to traverse the directory...
Windows x64 - Download & Execute Shellcode (358 bytes)
Windows x64 - Download & Execute Shellcode (358 bytes). Shellcode exploit for Winx86-64 platform. Title: Windows x64 Download+Execute Shellcode; Author: Roziul Hasan Khan Shifat; Date: 24-11-2016; Size: 358 bytes; Tested on: Windows 7 x64 Professional. section .text...