347 matches found

RedHat Linux
added 2017/04/03 9:2 p.m., 4 views

Spark: Directory traversal vulnerability in version 2.5

A path traversal issue was found in Spark version 2.5 and potentially earlier versions. The vulnerability resides in the functionality to serve static files where there's no protection against directory traversal attacks. This could allow attackers access to private files including sensitive data...

CVSS 7.5, AI score 5.7, EPSS 0.05074
Exploits: 1, References: 5

NVD
added 2016/01/12 8:59 p.m., 16 views

CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path...

CVSS 5.9, AI score 6.5, EPSS 0.02867
Exploits: 0, References: 7

OSV
added 2016/01/12 8:59 p.m., 7 views

CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path...

CVSS 5.9, AI score 7.4
Exploits: 0, References: 7

Prion
added 2016/01/12 8:59 p.m., 21 views

Directory traversal

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path...

CVSS 4.3, AI score 7, EPSS 0.02867
Exploits: 0, References: 7, Affected Software: 3

UbuntuCve
added 2016/01/12 8:59 p.m., 27 views

CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path...

CVSS 5.9, AI score 7, EPSS 0.02867
Exploits: 0, References: 2

Debian CVE
added 2016/01/12 8:0 p.m., 27 views

CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path...

CVSS 5.9, AI score 6.4, EPSS 0.02867
Exploits: 0

Cvelist
added 2016/01/12 8:0 p.m., 30 views

CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path...

AI score 6.4, EPSS 0.02867
Exploits: 0, References: 7

Debian
added 2016/01/10 10:7 a.m., 29 views

[SECURITY] [DSA 3439-1] prosody security update

Debian Security Advisory DSA-3439-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 10, 2016 https://www.debian.org/security/faq -...

CVSS 7.5, AI score 7.5, EPSS 0.02867
Exploits: 0

OpenVAS
added 2016/01/10 12:0 a.m., 30 views

Debian Security Advisory DSA 3439-1 (prosody - security update)

Two vulnerabilities were discovered in Prosody, a lightweight Jabber/XMPP server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-1231 Kim Alvefur discovered a flaw in Prosody OpenVAS Vulnerability Test $Id: deb3439.nasl 6608 2017-07-07 12:05:05Z cfische...

CVSS 5, EPSS 0.02867
Exploits: 0, References: 1

OpenVAS
added 2016/01/09 12:0 a.m., 31 views

Debian: Security Advisory (DSA-3439-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.3, EPSS 0.02867
Exploits: 0, References: 3

Cvelist
added 2015/07/16 10:0 a.m., 32 views

CVE-2015-3244

The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified...

AI score 6.1, EPSS 0.01496
Exploits: 0, References: 4

PyPA
added 2015/01/16 4:59 p.m., 5 views

PYSEC-2015-6

The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file...

CVSS 5, AI score 6.8, EPSS 0.04334
Exploits: 1, References: 14, Affected Software: 1

OSV
added 2015/01/13 12:0 a.m., 0 views

UBUNTU-CVE-2015-0221

The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file...

CVSS 5, AI score 5.8, EPSS 0.04334
Exploits: 1, References: 4

OSV
added 2014/11/26 10:14 a.m., 9 views

MGASA-2014-0486 Updated perl-Plack package fixes security vulnerability

Plack::App::File would previously strip trailing slashes off provided paths. This, in combination with the common pattern of serving files with Plack::Middleware::Static, could allow an attacker to bypass a whitelist of generated files (CVE-2014-5269)...

CVSS 5, AI score 6.2, EPSS 0.02455
Exploits: 0, References: 3

Drupal
added 2014/07/30 12:0 a.m., 24 views

SA-CONTRIB-2014-074 - Storage API - Code execution prevention

Storage API is a low-level framework for managed file storage and serving. The module creates an .htaccess file in the files directory to prevent code execution, but copied the Drupal core file and wasn't updated to include the improved file contents after SA-CORE-2013-003. This vulnerability is...

CVSS 9.8, AI score 9.5, EPSS 0.0402
Exploits: 0, References: 11

seebug.org
added 2014/07/01 12:0 a.m., 26 views

RobTex Viking Server 1.0.7 Relative Path Webroot Escaping Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2643/info The Viking Server is a freely available software package maintained and distributed by Robtex. The Viking Server provides multiple protocol service on Windows 95, 98, and NT systems. A problem in the software...

AI score 7.1
Exploits: 0

The Hacker News
added 2011/09/30 6:9 p.m., 5 views

Virus removal website compromised to serving malware

One of the Famous Virus Removal Service website : laptopvirusrepair.co.uk is compromised and Hacker is Serving Malware on the website. In above screenshot Avira detects the JS/Blacole.psak Java script Virus hosted on the site. The snippet of co...

AI score 7.3
Exploits: 0

ThreatPost
added 2009/12/23 9:6 p.m., 8 views

OpenX Ad Serving SW Attacked

Hackers have exploited flaws in a popular open-source advertising software to place malicious code on advertisements on several popular Web sites over the past week. Read the full article. Computerworld...

AI score 3.7
Exploits: 0, References: 2

Tenable Nessus
added 2009/08/31 12:0 a.m., 40 views

IBM WebSphere Application Server 7.0 < Fix Pack 5

IBM WebSphere Application Server 7.0 before Fix Pack 5 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - Non-standard HTTP methods are allowed. PK73246 - If the admin console is directly accessed from HTTP, the console fails to redirect t...

CVSS 10, AI score 7.7, EPSS 0.04254
Exploits: 4, References: 15

Prion
added 2009/08/13 6:30 p.m., 15 views

Design/Logic Flaw

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors...

CVSS 7.5, AI score 6.9, EPSS 0.01539
Exploits: 0, References: 5, Affected Software: 1