Page 14 of 71 results (0.013 seconds)

CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0

Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header. Vulnerabilidad de salto de directorio absoluto en curl v7.20.0 hasta v7.21.1, cuando se utiliza la opción --remote-header-name o -J, permite a los servidores remotos crear o sobreescribir archivos arbitrarios mediante el uso de \ (barra invertida) como un separador de componentes de la ruta dentro de la cabecera HTTP Content-disposition. • http://curl.haxx.se/docs/adv_20101013.html http://secunia.com/advisories/39532 http://securitytracker.com/id?1024583 http://www.openwall.com/lists/oss-security/2010/10/13/1 http://www.openwall.com/lists/oss-security/2010/10/13/4 http://www.openwall.com/lists/oss-security/2010/10/13/5 https://bugzilla.redhat.com/show_bug.cgi?id=642642 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 0%CPEs: 80EXPL: 2

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. La implementación de redirección en curl y libcurl v5.11 hasta v7.19.3, cuando CURLOPT_FOLLOWLOCATION esta activado, acepta valores de localización a elección del usuario, lo que permite a servidores HTTP remotos (1)iniciar peticiones arbitrarias a servidores de red interna, (2) leer o sobreescribir ficheros arbitrariamente a través de una redirección a un fichero: URL, o (3) ejecutar comando arbitrariamente a través de una redirección a un scp: URL. libcURL suffers from an arbitrary file access and creation vulnerability. • https://www.exploit-db.com/exploits/32834 http://curl.haxx.se/docs/adv_20090303.html http://curl.haxx.se/lxr/source/CHANGES http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.vmware.com/pipermail/security-announce/2009/000060.html http://secunia.com/advisories/34138 http://secunia.com/advisories/34202 http://secunia.com/advisories/34237 http://secunia.com/advisories&# • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0

Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. • http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1326.html http://curl.haxx.se/docs/adv_20060320.html http://secunia.com/advisories/19271 http://secunia.com/advisories/19335 http://secunia.com/advisories/19344 http://secunia.com/advisories/19371 http://www.gentoo.org/security/en/glsa/glsa-200603-19.xml http://www.osvdb.org/23982 http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00048.html http://www.securityfocus.com/bid/17154 http://www •

CVSS: 4.6EPSS: 0%CPEs: 11EXPL: 0

Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt http://curl.haxx.se/docs/adv_20051207.html http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://qa.openoffice.org/issues/show_bug.cgi?id=59032 http://secunia.com/advisories/17907 http://secunia.com/advisories/17960 http://secunia.com/advisories/17961& • CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0

Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt http://docs.info.apple.com/article.html?artnum=302847 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://secunia.com/advisories/17192 http://secunia.com/advisories/17193 http://secunia.com/advisories/17203 http://secunia.com/advisories/17208 http://secunia.com/advisories/17228 http://secunia.com/advisories/17247 http://secunia.com/advisories/17297 http://secunia.com/adviso • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •