Author: Cyberthreat Blog

Chef Software’s mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using “..” in tar archive entries

SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. “eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood...

Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access.

Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.