4 matches found
CVE-2022-23644
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The...
Multiple FTP Server quote stat Command Traversal Arbitrary Directory Access
The remote FTP server is vulnerable to a flaw that allows users to access files outside the FTP server root. An attacker may break out of the FTP jail by issuing the command "ftp quote stat ../". Some versions of VisNetic FTP Server and Titan FTP Server are known to be affected by this issue. C...
Thunderstone Software Texis Crafted Request Information Disclosure
The remote installation of Texis can be abused to disclose potentially sensitive information about the remote host, such as its internal IP address and the path to various components, e.g., cmd.exe. ...
Taskpads ActiveX Control incorrectly marked safe-for-scripting
Overview: The taskpads ActiveX control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting. Description: The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back...