3 matches found
WsgiDAV encoded dot segments can escape filesystem share roots
Impact WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. Patches The issue is fixed with version 4.3.4. Preconditions The practical impact depends on the deployment. The deployment...
Code injection
fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint...
CVE-2007-1222
Vulnerability: Parallels Desktop for Mac before 20070216 allows a guest OS user to affect the host by exposing the entire host filesystem via the .psf share. Root cause: the Drag and Drop mechanism shares the host filesystem with the guest, enabling write access to host files. Impact: local guest...