16 matches found

NVD
added 2026/04/10 8:16 p.m., 1 views

CVE-2026-40189

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload...

CVSS 9.8, EPSS 0.00051
Exploits 1, References 3

CVE
added 2026/04/10 7:44 p.m., 7 views

CVE-2026-40189

CVE-2026-40189 affects goshs, a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces per-folder .goshs ACL/basic-auth for directory listings and file reads but does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can perform state-...

CVSS 9.8, AI score 5.8, EPSS 0.00051
Exploits 1, References 3, Affected Software 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2000-1118

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.00713
Exploits 1, References 4

RedhatCVE
added 2025/05/20 11:16 p.m., 3 views

CVE-2023-45159

1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available from the 1E support...

CVSS 8.4, AI score 7, EPSS 0.00155
Exploits 0, References 3

Cvelist
added 2023/10/05 10:11 a.m., 21 views

CVE-2023-45159 1E Client installer can perform arbitrary file deletion on protected files

1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available from the 1E support...

CVSS 8.4, AI score 8.5, EPSS 0.00155
Exploits 0, References 1

Tenable Nessus
added 2023/03/19 12:0 a.m., 29 views

EulerOS 2.0 SP10 : lxc (EulerOS-SA-2023-1532)

According to the versions of the lxc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected...

CVSS 3.3, AI score 5.5, EPSS 0.02322
Exploits 0, References 2

Tenable Nessus
added 2023/03/08 12:0 a.m., 33 views

EulerOS 2.0 SP9 : lxc (EulerOS-SA-2023-1476)

According to the versions of the lxc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected...

CVSS 3.3, AI score 5.5, EPSS 0.02322
Exploits 0, References 2

NVD
added 2023/01/01 6:15 a.m., 22 views

CVE-2022-47952

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...

CVSS 3.3, AI score 4, EPSS 0.02322
Exploits 0, References 5

Vulnrichment
added 2023/01/01 12:0 a.m., 3 views

CVE-2022-47952

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...

AI score 6.5, EPSS 0.02322
Exploits 0, References 5

Debian CVE
added 2023/01/01 12:0 a.m., 31 views

CVE-2022-47952

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...

CVSS 3.3, AI score 3.6, EPSS 0.02322
Exploits 0

CNVD
added 2021/11/18 12:0 a.m., 18 views

IBM SPSS Statistics for Windows Denial of Service Vulnerability

IBM SPSS Statistics is a powerful statistical software platform currently available for Windows and Mac operating systems. A denial of service vulnerability exists in IBM SPSS Statistics for Windows. A local attacker can exploit this vulnerability to cause a denial of service by writing arbitrary...

CVSS 6.2, AI score 3.7, EPSS 0.00038
Exploits 0, References 1

CNNVD
added 2021/11/16 12:0 a.m., 0 views

IBM Spss Statistics Buffer Error Vulnerability

IBM SPSS Statistics is a powerful statistical software platform currently available for Windows and Mac operating systems. A denial of service vulnerability exists in IBM SPSS Statistics for Windows. A local attacker can exploit this vulnerability to cause a denial of service by writing arbitrary...

CVSS 6.2, AI score 5.9, EPSS 0.00038
Exploits 0, References 4

Github Security Blog
added 2019/08/01 7:18 p.m., 40 views

Undertow Missing Authorization when requesting a protected directory without trailing slash

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

CVSS 7.5, AI score 8.3, EPSS 0.01479
Exploits 0, References 17, Affected Software 1

CNVD
added 2017/06/09 12:0 a.m., 2 views

Net Monitor for Employees Pro Unordered Service Path Privilege Escalation Vulnerability

NetMonitorForEmployeesProfessional is a remote employee monitoring software, it is a software application for PC platforms, the software size is 13362KB. An out-of-order service path privilege escalation vulnerability exists in Net Monitor for Employees Pro. The vulnerability stems from a "block...

CVSS 7.3, AI score 7.1, EPSS 0.00081
Exploits 4, References 1

seebug.org
added 2014/07/01 12:0 a.m., 23 views

Blazix 1.2 Password Protected Directory Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5567/info Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems. Blazix does not properly handle some special characters when appended to...

AI score 7.1
Exploits 0

exploitpack
added 2002/08/25 12:0 a.m., 16 views

Blazix 1.2 - Password Protected Directory Information Disclosure

Blazix 1.2 - Password Protected Directory Information Disclosure source: https://www.securityfocus.com/bid/5567/info Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems. Blazix does not properly handle some specia...

AI score 7.2
Exploits 0