75 matches found
CLSA-2021-1638804072 Fix CVE(s): CVE-2021-3426
SECURITY UPDATE: directory traversal - debian/patches/CVE-2021-3426.patch: remove 'getfile' feature from pydoc which can be used to leak sensitive data to unauthorized actors. - CVE-2021-3426...
Python < 3.6.14, 3.7.x < 3.7.11, 3.8.x < 3.8.9, 3.9.x < 3.9.3 Python Issue (bpo-42988) - Mac OS X
Python is prone to an information disclosure vulnerability via pydoc getfile. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
MDT AutoSave 信息泄露漏洞
MDT AutoSave is a software application. It provides an automated change management function. An information disclosure vulnerability exists in MDT AutoSave, which stems from the lack of security restrictions on the working directory, and allows an attacker to obtain information about a temporary...
CVE-2021-3426
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to...
Arbitrary File Read
python3.5 is vulnerable to arbitrary file read. Running pydoc -p allows other local users to extract arbitrary files. The /getfile?key=path URL allows to read arbitrary file on the file system...
CVE-2019-1000031
A disk space or quota exhaustion issue exists in article2pdfgetfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in...
PT-2019-11530 · WordPress · Article2Pdf
Name of the Vulnerable Software and Affected Versions: article2pdf Wordpress plugin versions 0.24 through 0.27 Description: An Information Disclosure / Data Modification issue exists in the article2pdf getfile.php file. A URL can be constructed to override the PDF file's path, allowing the downlo...
Claymore Dual GPU miner directory traversal vulnerability
Claymore Dual GPU miner is a GPU monitoring software for mining virtual currency computing. A directory traversal vulnerability exists in the remote management interface in Claymore Dual GPU miner version 10.1. A remote attacker could exploit this vulnerability by sending a pathname to minerfile ...
PT-2011-4788 · Ammsoft · Scriptftp
Name of the Vulnerable Software and Affected Versions: AmmSoft ScriptFTP version 3.3 Description: The issue is a stack-based buffer overflow that allows remote FTP servers to execute arbitrary code. This can occur when a long filename is received in response to a LIST command. The exploitation ca...
ScriptFTP 'GETLIST' or 'GETFILE' Commands Remote Buffer Overflow Vulnerability
This host is installed with ScriptFTP and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: secpodscriptftpcmdbofvuln.nasl 5367 2017-02-20 14:16:52Z cfi $ ScriptFTP 'GETLIST' or 'GETFILE' Commands Remote Buffer Overflow Vulnerability Authors: Sooraj KS Copyright: Copyrigh...
BlogEngine.NET api/BlogImporter.asmx GetFile Function Unauthorized Access
The web server hosts BlogEngine.NET, an open source .NET blogging project. An install of the software on the remote host allows unauthenticated access to the 'GetFile' function of the 'api/BlogImporter.asmx' script. An unauthenticated, remote attacker may be able to abuse this function to copy...
Path traversal
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method...
yim-download.txt
----------------------------------------------------------------------------- Yahoo! Messenger 8.1.0.421 CYFT Object ft60.dll Arbitrary File Download url: http://download.yahoo.com/dl/msgr8/us/ymsgr8us.exe Author: shinnai mail: shinnaiatautisticidotorg site: http://shinnai.altervista.org This was...
PT-2003-2448 · Aol · Aol Instant Messenger
Name of the Vulnerable Software and Affected Versions: AOL Instant Messenger AIM version 5.2.3292 Description: The issue allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name. This is a result of a buffer overflow. Recommendations: For AOL Instant...
Allaire Forums 2.0.4 - Getfile
source: https://www.securityfocus.com/bid/229/info An Allaire Forums file "GetFile.cfm" in the root of the application directory allows anyone to access any file on the Forums server. This vulnerability affects Forums 2.0.4 and earlier. Type the URL...