3 matches found
GHSA-WQP7-X3PW-XC5R Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
Summary: When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \\attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...
PT-2024-9749
Name of the Vulnerable Software and Affected Versions: systeminformation versions prior to 5.23.7. Description: The issue is related to the getWindowsIEEE8021x function in the systeminformation library for node.js, where SSIDs are not sanitized before being passed as a parameter to cmd.exe. This...
ACC/Ericsson Tigris Accounting Failure
The Tigris is a high-density router/remote-access platform, currently a product of Ericsson. More information on it can be found at http://www.ericsson.com/datacom/products/wanaccess/tigris/index.shtml. There appears to be a bug in the Tigris operating system software that causes Radius accountin...