584 matches found
RUSTSEC-2022-0082 Improper validation of Windows paths could lead to directory traversal attack
Path resolution in warp::filters::fs::dir didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem. Th...
Improper validation of Windows paths could lead to directory traversal attack
Path resolution in warp::filters::fs::dir didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem. Th...
VulnCheck KEV: CVE-2021-27860
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem...
FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem...
FatPipe WARP, IPVPN and MPVPN authorization vulnerabilities
FatPipe is a WAN redundancy technology from FatPipe USA that provides companies with automated and dynamic failover due to a WAN component or service failure that results in a data line connection outage.A security vulnerability exists in FatPipe WARP, IPVPN and MPVPN that stems from a lack of...
FatPipe WARP, IPVPN and MPVPN have unspecified vulnerabilities (CNVD-2021-101931)
FatPipe is a WAN redundancy technology from FatPipe USA that provides companies with automated and dynamic failover as a result of a WAN component or service failure resulting in a data line connection outage.FatPipe WARP, IPVPN and MPVPN have a security vulnerability that could be exploited by a...
GHSA-GJRJ-9RJ4-PGWX DoS Vulnerability from Upstream Actix Web Issues
Impact This vulnerability affects all users of the perseus deploy functionality who have not exported their sites to static files. If you are using the inbuilt Perseus server in production, there is a memory leak in Actix Web stemming from this upstream issue which can allow even a single user to...
CVE-2021-27856
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002...
CVE-2021-27859
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of...
CVE-2021-27855
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this...
CVE-2021-27855
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this...
Design/Logic Flaw
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this...
Authorization
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of...
Authorization
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of...
CVE-2021-27859
CVE-2021-27859 (FatPipe WARP/IPVPN/MPVPN) is a missing authorization vulnerability in the web management interface that allows an authenticated, read-only user to create an administrative account. Affected versions are FatPipe software prior to 10.1.2r60p91 and 10.2.2 prior to r42; older FatPipe ...
CVE-2021-27857
CVE-2021-27857 describes a missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN. Before versions 10.1.2r60p91 and 10.2.2r42, remote unauthenticated attackers can download a configuration archive, with the hostname used as part of the file name. Old...
CVE-2021-27855
CVE-2021-27855 affects FatPipe WARP/IPVPN/MPVPN software prior to 10.1.2r60p91 and 10.2.2r42. The vulnerability allows a remote, authenticated user with read-only privileges to elevate to administrative privileges via a privileged action (HTTP/JSON parameter manipulation). Affected versions inclu...
CVE-2021-27856
CVE-2021-27856 affects FatPipe WARP/IPVPN/MPVPN software prior to 10.1.2r60p91 and 10.2.2r42. A backdoor admin account named “cmuser” exists with no password, enabling unauthenticated administrative access and potential full device compromise. Connected sources consistently describe the issue as ...
FatPipe 安全漏洞
FatPipe is a WAN redundancy technology from FatPipe USA that provides companies with automated and dynamic failover due to the failure of a WAN component or service resulting in the loss of data line connectivity.A security vulnerability exists in FatPipe WARP, IPVPN and MPVPN, which stems from t...
CVE-2021-27860
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006...