23 matches found
CVE-2021-33896
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...
EUVD-2006-5035
Malware in sbrugna...
EUVD-2021-20569
Malware in sbrugna...
MGASA-2021-0401 Updated dino packages fix security vulnerability
Updated dino packages fix security vulnerability: Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators CVE-2021-33896...
[ASA-202107-35] dino: directory traversal
Arch Linux Security Advisory ASA-202107-35 ========================================== Severity: Medium Date : 2021-07-20 CVE-ID : CVE-2021-33896 Package : dino Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-2043 Summary ======= The package dino before version...
Dino Path Traversal Vulnerability
Dino is an open source chat client application for desktop from the Dino DINO team. Dino suffers from a path traversal vulnerability that stems from Dino prior to 0.1.2 and 0.2 failing to properly filter for special elements in the path of a resource or file. An attacker could use this...
FreeBSD : dino -- Path traversal in Dino file transfers (fc1bcbca-c88b-11eb-9120-f02f74d0e4bd)
Dino team reports : It was discovered that when a user receives and downloads a file in Dino, URI-encoded path separators in the file name will be decoded, allowing an attacker to traverse directories and create arbitrary files in the context of the user. %NASLMINLEVEL 70300 C Tenable Network...
Directory Traversal
Dino is vulnerable to Directory Traversal only for creation of new files via URI-encoded path separators...
CVE-2021-33896
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...
CVE-2021-33896
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...
Directory traversal
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...
CVE-2021-33896
Dino before 0.1.2 and 0.2.x before 0.2.1 is vulnerable to directory traversal via URI-encoded path separators when creating new files. The underlying issue allows a remote attacker to create files in arbitrary locations in the context of the user, by tricking them into downloading a crafted file ...
CVE-2021-33896
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...
CVE-2021-33896
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...
CVE-2021-33896
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...
dino -- Path traversal in Dino file transfers
Dino team reports: It was discovered that when a user receives and downloads a file in Dino, URI-encoded path separators in the file name will be decoded, allowing an attacker to traverse directories and create arbitrary files in the context of the user...
CVE-2021-33896
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...
Dino 路径遍历漏洞
Dino is an open source chat client application for desktop from the Dino DINO team. Dino suffers from a path traversal vulnerability that stems from Dino prior to 0.1.2 and 0.2 failing to properly filter for special elements in the path of a resource or file. An attacker could use this...
GHSA-333X-9VGQ-V2J4 Directory Traversal in geddy
Versions 13.0.8 and earlier of geddy are vulnerable to a directory traversal attack via URI encoded attack vectors. Proof of Concept http://localhost:4000/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd Recommendation Update geddy to version = 13.0.8...
Directory Traversal
Overview Versions 13.0.8 and earlier of geddy are vulnerable to a directory traversal attack via URI encoded attack vectors. Proof of Concept http://localhost:4000/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd Recommendation Update geddy to version =...