CVE-2023-34092 Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)

Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options server.fs.deny can be bypassed using double forward-slash // allows any unauthenticated user to read file from the Vite root-path of the application including the default fs.deny...

CVE-2022-0011

PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed depending on your rules regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list EDL i...

Flash Broker-Based - Sandbox Escape via Forward Slash Instead of Backslash

Source: https://code.google.com/p/google-security-research/issues/detail?id=278&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id FlashBroker - Junction Check Bypass With Forward Slash IE PM Sandbox Escape 1. Windows 8.1 Internet Explorer Protected Mode Bypass in FlashBroker...

Flash Broker-Based - Sandbox Escape via Forward Slash Instead of Backslash

Flash Broker-Based - Sandbox Escape via Forward Slash Instead of Backslash Source: https://code.google.com/p/google-security-research/issues/detail?id=278&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id FlashBroker - Junction Check Bypass With Forward Slash IE PM Sandbox...

CVE-2013-2182

The Mandril security plugin in Monkey HTTP Daemon monkeyd before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash...

Authentication flaw

The Mandril security plugin in Monkey HTTP Daemon monkeyd before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash...

CVE-2013-2182

The CVE-2013-2182 entry concerns the Mandril security plugin in Monkey HTTP Daemon (monkeyd) prior to 1.5.0. The root cause is a bypass of access restrictions via a crafted URI, demonstrated by an encoded forward slash, enabling remote attackers to access restricted paths. Public references corro...

CVE-2013-2182

The Mandril security plugin in Monkey HTTP Daemon monkeyd before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash...

Apache Patch released for Reverse proxy Bypass Vulnerability

Apache Patch released for Reverse proxy Bypass Vulnerability Security experts at Context have discovered a hole in the Apache web server that allows remote attackers to access internal servers. Security experts are warning firms running the Apache web server to keep up to date with the latest...

3D-FTP 8.01 - 'LIST' / 'MLSD' Directory Traversal

source: https://www.securityfocus.com/bid/29749/info 3D-FTP is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues allows an attacker to write arbitrary files to locations outside of the FTP client's...