2 matches found
Possible arbitrary path traversal and file access via yard server
Impact A path traversal vulnerability was discovered in YARD = 0.9.41 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The original patch in GHSA-xfhh-rx56-rxcr wa...
[Full-Disclosure] WebCalendar Include File
Webcalendar 0.9.41 and below. http://webcalendar.sourceforge.net/ Since this appears to be public info now. Problem: http://sourceforge.net/forum/forum.php?threadid=901234&forumid=11588 Exploit: http://www.some.host/webcalendar/filename.php?userinc=../../../../../etc/passwd - nocon...