ROS-20230406-01
A vulnerability in the curl program is related to the incorrect replacement of the tilde character when used as a prefix in the first path element, in addition to its intended use as the first element to specify a path relative to a user's home directory...
CVE-2023-27534
A path traversal vulnerability in the curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
Path Traversal
curl is vulnerable to Path Traversal. The library supports SFTP transfers with a tilde character as the first path element to denote a path relative to the user's home directory. However, due to a bug, this can be used wrongly when used as a prefix in the first element...
Exposure of home directory through shescape on Unix with Bash
Impact: The issue allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Other tested shells, Dash and Zsh, are not affected. JavaScript: const cp = require("child_process"); cons...
GHSA-446W-RRM4-R47F Exposure of home directory through shescape on Unix with Bash
Impact: The issue allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Other tested shells, Dash and Zsh, are not affected. JavaScript: const cp = require("child_process"); cons...
November 11, 2014 update for SharePoint Server 2013 (KB2883055)
This article describes update KB2883055 for Microsoft SharePoint Server 2013 that was released on November 11, 2014. This update has a prerequisite. Fixes and improvements: Fixes the following issue: Assume that you open an Excel workbo...
IIS Short Name Scanner - Scanner For IIS Short File Name Disclosure Vulnerability (using the tilde [~] character)
Scanner for IIS short file name (8.3) disclosure vulnerability by using the tilde character. Description: Microsoft IIS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered during the parsing of a request that contains a tilde character. This may allow a...
IIS Short File/Folder Name Disclosure
No description provided by source. PoC: http://www.exploit-db.com/sploits/19525.zip Paper: http://www.exploit-db.com/downloadpdf/19527 Security Research - IIS Short File/Folder Name Disclosure Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- IIS is a web server...
.Net Framework Tilde Character DoS - Sorry, exploit-db link corrected
Link: http://soroush.secproject.com/downloadable/iistildedos.txt Exploit-db link: www.exploit-db.com/exploits/19575 ---------------------------- Security Research - .Net Framework Tilde Character DoS Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- "The .NET...
.NET Framework - Tilde Character Denial of Service
.NET Framework - Tilde Character Denial of Service Paper: http://www.exploit-db.com/docs/19527.pdf Security Research - .Net Framework Tilde Character DoS Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- "The .NET Framework is a software framework developed by...
Microsoft IIS - Short File/Folder Name Disclosure
PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19525.zip Paper: http://www.exploit-db.com/docs/19527.pdf Security Research - IIS Short File/Folder Name Disclosure Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- "IIS is a web...