214 matches found
EUVD-2013-6866
Malware in sbrugna...
EUVD-2022-1052
Malicious code in bioql PyPI...
CVE-2019-25087
A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass through the dispatchReadPump function. An attacker can execute arbitrary commands by sending specially crafted websocket requests. PoC echo -e '"type": "command", "content": "id"' |./websocat...
Fedora 37 : java-17-openjdk (2022-f687000ef7)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f687000ef7 advisory. New in release OpenJDK 17.0.5 2022-10-18 Release announcement Full release notes Security Fixes - JDK-8282252: Improve BigInteger/Decimal validation...
Fedora 37 : java-11-openjdk (2022-945d2996cd)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-945d2996cd advisory. New in release OpenJDK 11.0.17 2022-10-18 Release announcement Full release notes Security Fixes - JDK-8282252: Improve BigInteger/Decimal validatio...
SUSE-SU-2024:3963-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: - Update to upstream tag jdk-17.0.13+11 October 2024 CPU Security fixes + JDK-8307383: Enhance DTLS connections + JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system...
cups-browsed Information Disclosure
Retrieve CUPS version and kernel version information from cups-browsed services. Module Options msf use auxiliary/scanner/misc/cupsbrowsedinfodisclosure msf auxiliarycupsbrowsedinfodisclosure show actions ...actions... msf auxiliarycupsbrowsedinfodisclosure set ACTION msf...
Magento XXE Unserialize Arbitrary File Read
This module exploits a XXE vulnerability in Magento 2.4.7-p1 and below which allows an attacker to read any file on the system. Module Options msf use auxiliary/gather/magentoxxecve202434102 msf auxiliarymagentoxxecve202434102 show actions ...actions... msf auxiliarymagentoxxecve202434102 set...
[SECURITY] Fedora 38 Update: proxygen-2023.10.16.00-1.fc38
Proxygen comprises the core C++ HTTP abstractions used at Facebook. Internally, it is used as the basis for building many HTTP servers, proxies, and clients. This release focuses on the common HTTP abstractions and our simple HTTPServer framework. Future releases will provide simple client APIs a...
[SECURITY] Fedora 37 Update: proxygen-2023.10.16.00-1.fc37
Proxygen comprises the core C++ HTTP abstractions used at Facebook. Internally, it is used as the basis for building many HTTP servers, proxies, and clients. This release focuses on the common HTTP abstractions and our simple HTTPServer framework. Future releases will provide simple client APIs a...
CVE-2023-5257
A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the...
OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...
CVE-2019-25087
A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be...
CVE-2019-25087
A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be...
Path traversal
A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be...
CVE-2019-25087 RamseyK httpserver URI ResourceHost.cpp getResource path traversal
A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be...
CVE-2019-25087 RamseyK httpserver URI ResourceHost.cpp getResource path traversal
A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be...
CVE-2019-25087
CVE-2019-25087 concerns RamseyK httpserver. The vulnerability affects the ResourceHost::getResource function in src/ResourceHost.cpp (URI Handler) where improper handling of the uri argument enables path traversal (e.g., '../filedir'). The issue is exploitable remotely. A patch is referenced: 1a0...
RamseyK httpserver 路径遍历漏洞
RamseyK httpserver is used as a learning tool and is a high performance, single-threaded, HTTP/1.1 server written in C++. A security vulnerability exists in RamseyK httpserver that stems from a path traversal due to incorrect manipulation of the parameter uri...