16 matches found
Nuuo Central Management Server Authenticated Arbitrary File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nuuo Central Management Server Authenticated Arbitrary File Download', 'Description' = %q The Nuuo Central Management Server allows an...
Debian DLA-2307-1 : ruby-zip security update
rubyzip gem version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file that...
Debian: Security Advisory (DLA-2307-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DLA-2307-1 ruby-zip - security update
Bulletin has no description...
[SECURITY] [DLA 2307-1] ruby-zip security update
Debian LTS Advisory DLA-2307-1 https://www.debian.org/lts/security/ Utkarsh Gupta August 02, 2020 https://wiki.debian.org/LTS -...
Nuuo Central Management Server Authenticated Arbitrary File Download
The Nuuo Central Management Server allows an authenticated user to download files from the installation folder. This functionality can be abused to obtain administrative credentials, the SQL Server database password and arbitrary files off the system with directory traversal. The module will...
Debian DLA-1467-1 : ruby-zip security update
It was found that rubyzip, a Ruby module for reading and writing zip files, contained a Directory Traversal vulnerability that can be exploited to write arbitrary files to the filesystem. For Debian 8 'Jessie', this problem has been fixed in version 1.1.6-1+deb8u2. We recommend that you upgrade...
[SECURITY] [DLA 1467-1] ruby-zip security update
Package : ruby-zip Version : 1.1.6-1+deb8u2 CVE ID : CVE-2018-1000544 Debian Bug : 902720 It was found that rubyzip, a Ruby module for reading and writing zip files, contained a Directory Traversal vulnerability that can be exploited to write arbitrary files to the filesystem. For Debian 8...
DLA-1467-1 ruby-zip - security update
Bulletin has no description...
Debian: Security Advisory (DLA-1467-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-3801-1 : ruby-zip - security update
It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. ...
[SECURITY] [DSA 3801-1] ruby-zip security update
Debian Security Advisory DSA-3801-1 https://www.debian.org/security/ Salvatore Bonaccorso March 04, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3801-1] ruby-zip security update
Debian Security Advisory DSA-3801-1 https://www.debian.org/security/ Salvatore Bonaccorso March 04, 2017 https://www.debian.org/security/faq -...
DSA-3801-1 ruby-zip - security update
Bulletin has no description...
Debian Security Advisory DSA 3801-1 (ruby-zip - security update)
It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. OpenVAS Vulnerability Te...
Debian: Security Advisory (DSA-3801-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...