7 matches found
rsync: rsync server leaks arbitrary client files
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
SUSE-SU-2025:20223-1 Security update for rsync
This update for rsync fixes the following issues: - Bump protocol version to 32 - make it easier to show server is patched. - Fix FLAGGOTDIRFLIST collission with FLAGHLINKED - Security update,CVE-2024-12747, bsc1235475 race condition in handling symbolic links - Security update, fix multiple...
SUSE-SU-2025:20122-1 Security update for rsync
This update for rsync fixes the following issues: - CVE-2024-12084: Fixed Heap Buffer Overflow in Checksum Parsing bsc1234100. - CVE-2024-12085: Fixed Info Leak via uninitialized Stack contents defeating ASLR bsc1234101. - CVE-2024-12086: Fixed server leaking arbitrary client files bsc1234102. -...
GHSA-V4HR-4JPX-56GC Streamlit directory traversal vulnerability
Impact Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with...
OS4Ed OpenSIS 路径遍历漏洞
OS4Ed OpenSIS is OS4Ed's commercial grade, secure, scalable and intuitive student information system, school management software. With all the features to run single or multiple organizations in one installation. Web-based, php code, MySQL database. A path traversal vulnerability exists in OS4Ed...
Ruby on Rails Arbitrary File Read Vulnerability
Ruby on Rails is a very productive, high-maintenance, easy-to-deploy Ruby on Rails Ruby on Rails is a very productive, high-maintenance, and easy-to-deploy web development framework developed using Ruby, and is one of the preferred frameworks for web application development worldwide. Ruby on Rai...
CVE-2018-8819
An XXE issue was discovered in Automated Logic Corporation ALC WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via t...