
14 matches found

CNNVD
added 2026/06/09 12:0 a.m., 9 views

Apache Answer code issue vulnerability

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier had code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on the upload of dangerous types of files. The server did not properly verify the...

6.5 CVSS, 5.6 AI score, 0.00403 EPSS
Exploits 0, References 2
CNNVD
added 2026/04/23 12:0 a.m., 8 views

Froxlor link following vulnerability

Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor prior to 2.3.6 had a link following vulnerability. This vulnerability stemmed from the DataDump.add function not passing the $fixedhomedir parameter when constructing the export...

7.5 CVSS, 5.8 AI score, 0.00414 EPSS
Exploits 1, References 1
CNNVD
added 2026/02/11 12:0 a.m., 3 views

BusyBox security vulnerability

BusyBox is a set of applications developed by Denis Vlasenko from Ukraine. It contains multiple Linux commands and tools. BusyBox has a security vulnerability; this vulnerability arises from the lack of verification during the extraction of hard links or symbolic links in tar archives. This may...

7 CVSS, 7.1 AI score, 0.0016 EPSS
Exploits 0, References 3
OSV
added 2025/11/14 4:11 p.m., 3 views

CLSA-2025-1763136711 Fix CVE(s): CVE-2022-29154, CVE-2024-12087, CVE-2024-12088

SECURITY UPDATE: malicious remote servers to write arbitrary files inside the directories of connecting peers: - debian/patches/els/0001-CVE-2022-29154.patch: fix insufficient validation of file names. - CVE-2022-29154. SECURITY UPDATE: path traversal vulnerability. -...

7.5 CVSS, 7.3 AI score, 0.04575 EPSS
Exploits 2, References 1
CloudLinux
added 2025/06/28 6:23 p.m., 8 views

rsync: Fix of CVE-2024-12088

CVE-2024-12088: fix improper verification of symbolic link destinations to prevent path traversal vulnerability...

7.5 CVSS, 7.6 AI score, 0.04575 EPSS
Exploits 0
Tenable Nessus
added 2025/01/17 12:0 a.m., 21 views

Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2025-801)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-801 advisory. A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison...

7.5 CVSS, 7.4 AI score, 0.09353 EPSS
Exploits 4, References 12
Tenable Nessus
added 2025/01/17 12:0 a.m., 25 views

Amazon Linux AMI : rsync (ALAS-2025-1955)

The version of rsync installed on the remote host is prior to 3.0.6-12.17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1955 advisory. A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an...

7.5 CVSS, 7.5 AI score, 0.09353 EPSS
Exploits 4, References 12
Cvelist
added 2025/01/14 5:38 p.m., 15 views

CVE-2024-12088 Rsync: --safe-links option bypass leads to path traversal

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

6.5 CVSS, 0.04575 EPSS
Exploits 0, References 7
Talos
added 2022/12/21 12:0 a.m., 43 views

Ghost unauthorized newsletter modification vulnerability

Talos Vulnerability Report TALOS-2022-1624 Ghost unauthorized newsletter modification vulnerability December 21, 2022 CVE Number CVE-2022-41654 SUMMARY An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...

9.6 CVSS, 5 AI score, 0.18914 EPSS
Exploits 1
Hacker One
added 2020/04/22 1:6 a.m., 488 views

Shopify: Account takeover intercepting magic link for Arrive app

Summary The "magic link" used for login by Arrive app uses Branch.io to pass the login token via deeplink to the app. But the URL contained in the link app.link domain is not verified so it can be intercepted by a malicious app to take over the account. Description When trying to login with Arrive...

0.2 AI score
Exploits 0
OSV
added 2010/06/07 5:12 p.m., 1 views

DEBIAN-CVE-2010-2023

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file...

4.4 CVSS, 6.9 AI score, 0.0028 EPSS
Exploits 0, References 1
securityvulns
added 2005/12/05 12:0 a.m., 39 views

Hot Links Pro 3.x XSS vuln.

Hot Links Pro 3.x XSS vuln. Vuln. discovered by: r0t Date: 5 dec. 2005 Original advisory: http://pridels.blogspot.com/2005/12/hot-links-pro-3x-xss-vuln.html vendor: http://www.mrcgiguy.com/hl3details.shtml affected version: 3.x and prior Product Description: Directory style index allows for easy...

0.2 AI score
Exploits 0
securityvulns
added 2005/12/05 12:0 a.m., 25 views

Hot Links SQL 3.x XSS vuln.

Hot Links SQL 3.x XSS vuln. Vuln. discovered by: r0t Date: 5 dec. 2005 Original advisory: http://pridels.blogspot.com/2005/12/hot-links-sql-3x-xss-vuln.html vendor: http://www.mrcgiguy.com/hlsqldetails.shtml affected version: 3.1.x and prior Product Description: Directory style index allows for easy...

0.1 AI score
Exploits 0
securityvulns
added 2001/09/08 12:0 a.m., 47 views

Reading files via rlmadmin (unauthorized access)

When reading a file in a user-specified directory, the presence of symbolic links is not checked...

1.6 AI score
Exploits 0, References 1, Affected Software 1