
CVE-2025-27092 – Path Traversal Vulnerability in GHOSTS Photo Retrieval Endpoint
https://notcve.org/view.php?id=CVE-2025-27092
19 Feb 2025 — GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint. The vulnerability exists in the /api/npcs/{id}/photo endpoint, which is designed to serve profile photos for NPCs (Non-Player Characters) but fails to properly validate and sanitize file paths. When an NPC is creat... • https://github.com/cmu-sei/GHOSTS/commit/e69827556a52ff813de00e1017c4b62598d2c887 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-31506
https://notcve.org/view.php?id=CVE-2022-31506
11 Jul 2022 — The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. • https://github.com/cmusatyalab/opendiamond/commit/398049c187ee644beabab44d6fece82251c1ea56 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2014-7723
https://notcve.org/view.php?id=CVE-2014-7723
21 Oct 2014 — The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/582497 • CWE-310: Cryptographic Issues

CVE-2014-0027 – Mandriva Linux Security Advisory 2014-032
https://notcve.org/view.php?id=CVE-2014-0027
26 Jan 2014 — The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information. • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127748.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2013-4122 – Ubuntu Security Notice USN-1988-1
https://notcve.org/view.php?id=CVE-2013-4122
02 Sep 2013 — Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference. • http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d • CWE-189: Numeric Errors

CVE-2011-3208 – cyrus-imapd: nntpd buffer overflow in split_wildmats()
https://notcve.org/view.php?id=CVE-2011-3208
14 Sep 2011 — Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. • http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=199 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2011-3481 – cyrus-imapd: NULL pointer dereference via crafted References header in email
https://notcve.org/view.php?id=CVE-2011-3481
14 Sep 2011 — The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. • http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772 • CWE-476: NULL Pointer Dereference

CVE-2011-1926 – cyrus-imapd: STARTTLS plaintext command injection
https://notcve.org/view.php?id=CVE-2011-1926
23 May 2011 — The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. • http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2009-2632 – cyrus-imapd: buffer overflow in cyrus sieve
https://notcve.org/view.php?id=CVE-2009-2632
08 Sep 2009 — Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. • http://dovecot.org/list/dovecot-news/2009-September/000135.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-0663 – perl-DBD-Pg: pg_getline buffer overflow
https://notcve.org/view.php?id=CVE-2009-0663
30 Apr 2009 — Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer