Directory Traversal

Overview psitransfer is a Simple open source self-hosted file sharing solution Affected versions of this package are vulnerable to Directory Traversal through the Store.getFilename path resolution in the upload storage component. An attacker can escape the upload jail and read or overwrite files...

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions 16.10.10 and earlier, 17.0.0-rc-1 through 17.4.3, and 17.5.0-rc-1 through 17.6.0, which stems from a missing request restriction th...

PYSEC-2021-25

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

Security Bulletin: Apache Tomcat vulnerability affects IBM SONAS (CVE-2016-3092)

Summary Apache Tomcat Commons FileUpload Vulnerability Vulnerability Details This bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product’s management GUI. The CLI interface is unaffected. CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerabl...

CVE-2015-5828

The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection aka 3xx status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site...