Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-29970
https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c9…
Snipe-IT is a free, open-source IT asset/license management systemIn Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send passw…
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-28056
https://github.com/gongfuxiang/shopxo/issues/66
ht…
Impact
This vulnerability affects customers who utilize non-admin users that are able to create or edit Global Roles. The most common use case for this scenario is the restricted-admin role.
A flaw was discovered in Rancher versions from 2.5.0 up to an…
Impact
This issue only happens when the user configures access credentials to a private repository in Rancher inside Apps & Marketplace > Repositories. It affects Rancher versions 2.5.0 up to and including 2.5.11 and from 2.6.0 up to and includi…
Impact
This vulnerability only affects customers using the restricted-admin role in Rancher. For this role to be active, Rancher must be bootstrapped with the environment variable CATTLE_RESTRICTED_DEFAULT_ADMIN=true or the configuration flag restricte…
Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
https://nvd.nist.gov/vuln/detail/CVE-2008-1285
https://bugzilla.re…
The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticat…
The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.
References
https://nvd.n…
Python FTP server library provides a high-level portable interface to easily write very efficient, scalable and asynchronous FTP servers with Python. Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote au…
