6 matches found
CVE-2025-34171 CasaOS <= 0.4.15 Unauthenticated File and Debug Data Exposure
CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...
CVE-2024-42007
SPX aka php-spx through 0.4.15 allows SPXUIURI Directory Traversal to read arbitrary files...
PT-2024-29686 · Spx · Spx
Name of the Vulnerable Software and Affected Versions: SPX aka php-spx versions 0.4.15 and earlier Description: The issue allows for SPX UI URI Directory Traversal, enabling the reading of arbitrary files. Recommendations: For SPX aka php-spx versions 0.4.15 and earlier, consider restricting acce...
CVE-2020-25219 affecting package libproxy for versions less than 0.4.15-20
CVE-2020-25219 affecting package libproxy for versions less than 0.4.15-20. A patched version of the package is available...
UBUNTU-CVE-2020-26154
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header...
AZL-7270 CVE-2020-25219 affecting package libproxy for versions less than 0.4.15-20
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion...