3296 matches found
EulerOS Virtualization for ARM 64 3.0.2.0 : lua (EulerOS-SA-2020-1220)
According to the version of the lua package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to...
lua-resty-waf
This repository is an exploit module/toolkit targeting OpenResty, a high-performance web server built on the Nginx core. The primary vulnerability class/vector is not explicitly stated, but based on the code and metadata, it appears to be a remote code execution (RCE) vulnerability. The probable...
Wing FTP Server - Authenticated CSRF (Delete Admin)
Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Date: 2020-03-10 Exploit Author: Dhiraj Mishra Vendor Homepage: https://www.wftpserver.com Version: v6.2.6 Tested on: Windows 10 Summary: An authenticated CSRF exists in web client and web administration of Wing FTP v6.2.6, a crafted HTM...
Wing FTP Server 6.2.3 Cross Site Request Forgery Vulnerability
Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Exploit Author: Dhiraj Mishra Vendor Homepage: https://www.wftpserver.com Version: v6.2.6 Tested on: Windows 10 Summary: An authenticated CSRF exists in web client and web administration of Wing FTP v6.2.6, a crafted HTML page could dele...
Wing FTP Server Local Elevation of Privilege Vulnerability
Wing FTP Server is an easy-to-use, secure and reliable FTP server software for Windows, Linux, Mac OS and Solaris. A local elevation of privilege vulnerability exists in Wing FTP Server 6.2.5 and earlier versions. The vulnerability stems from insecure permissions when handling session cookies. A...
lua-users.org Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1113149. Security Researcher ipsbruno (helped patch 4 vulnerabilities, received 0 Coordinated Disclosure badges) found a security vulnerability affecting lua-users.org website and its users. Following coordinated and responsible vulnerability disclosure guidelines of the ISO...
CVE-2020-9470
An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and sessionadmin directories, which expose active session cookies within the Wing FTP HTTP interface and administrati...
Design/Logic Flaw
An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and sessionadmin directories, which expose active session cookies within the Wing FTP HTTP interface and administrati...
Wing FTP Server 6.2.5 - Privilege Escalation
Wing FTP Server 6.2.5 - Privilege Escalation Exploit Title: Wing FTP Server 6.2.5 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-03 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link:...
CVE-2020-9432
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values...
CVE-2020-9434
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values...
CVE-2020-9433
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values...
Input validation
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values...
Input validation
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values...
Input validation
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values...