850 matches found

Debian CVE
added 2021/08/30 6:37 p.m. | 92 views

CVE-2021-36370

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...

CVSS 7.5 | AI score 7.3 | EPSS 0.01053
Exploits: 1
CVE
added 2021/08/30 6:37 p.m. | 89 views

CVE-2021-36370

CVE-2021-36370 affects Midnight Commander (mc) up to version 4.8.26, where the SFTP fingerprint of the server is neither checked nor displayed, preventing verification of server authenticity. Reported across multiple advisories (e.g., ALAS-2023-2147 for Amazon Linux 2 and openSUSE/SUSE advisories...

CVSS 7.5 | AI score 7.2 | EPSS 0.01053
Exploits: 1 | References: 6 | Affected Software: 1
CNNVD
added 2021/08/30 12:0 a.m. | 1 views

GNU Midnight Commander Authorization Issue Vulnerability

GNU Midnight Commander is a visual file manager. A security vulnerability exists in Midnight Commander that stems from the fact that starting with version 4.8.26, the server's fingerprint is neither checked nor displayed when Midnight Commander establishes an SFTP connection. An attacker could us...

CVSS 7.5 | AI score 7.2 | EPSS 0.01053
Exploits: 1 | References: 7
OSV
added 2021/07/14 2:15 p.m. | 1 views

CVE-2021-33211

A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives...

CVSS 6.5 | AI score 5.9 | EPSS 0.00425
Exploits: 1 | References: 2
OSV
added 2021/07/14 2:15 p.m. | 1 views

CVE-2021-33212

A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...

CVSS 5.4 | AI score 5.9 | EPSS 0.0018
Exploits: 1 | References: 2
OSV
added 2021/07/14 2:15 p.m. | 3 views

CVE-2021-33213

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...

CVSS 6.5 | AI score 5.8 | EPSS 0.0025
Exploits: 1 | References: 2
NVD
added 2021/07/14 2:15 p.m. | 11 views

CVE-2021-33212

A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...

CVSS 5.4 | EPSS 0.0018
Exploits: 1 | References: 2
NVD
added 2021/07/14 2:15 p.m. | 11 views

CVE-2021-33213

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...

CVSS 6.5 | EPSS 0.0025
Exploits: 1 | References: 2
Prion
added 2021/07/14 2:15 p.m. | 19 views

Server side request forgery (ssrf)

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...

CVSS 4 | AI score 6.2 | EPSS 0.0025
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2021/07/14 2:15 p.m. | 14 views

Cross site scripting

A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...

CVSS 3.5 | AI score 5 | EPSS 0.0018
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2021/07/14 2:15 p.m. | 18 views

Directory traversal

A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives...

CVSS 4 | AI score 6.3 | EPSS 0.00425
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2021/07/14 1:48 p.m. | 43 views

CVE-2021-33211

CVE-2021-33211 affects Elements-IT HTTP Commander 5.3.3, due to a path traversal flaw in the Unzip feature. The vulnerability allows remote authenticated users to write files to arbitrary directories by supplying relative paths inside ZIP archives, enabling potential data impact beyond the intend...

CVSS 6.5 | AI score 6.2 | EPSS 0.00425
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2021/07/14 1:44 p.m. | 17 views

CVE-2021-33212

A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...

AI score 5.3 | EPSS 0.0018
Exploits: 1 | References: 2
CVE
added 2021/07/14 1:44 p.m. | 40 views

CVE-2021-33212

Elements-IT HTTP Commander 5.3.3 contains a cross-site scripting (XSS) flaw in the "View in Browser"/"Browser View" feature. A remote authenticated user can inject arbitrary script/HTML through a crafted SVG image. Documented impact is XSS with partial integrity impact; no patch/version remediati...

CVSS 5.4 | AI score 5 | EPSS 0.0018
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2021/07/14 1:40 p.m. | 43 views

CVE-2021-33213

The CVE-2021-33213 entry documents an SSRF in Elements-IT HTTP Commander 5.3.3, specifically in the Upload from URL feature. When authenticated, an attacker can supply an internal address to retrieve HTTP/FTP resources from the internal network, exposing internal resources. Root cause: SSRF in th...

CVSS 6.5 | AI score 6.2 | EPSS 0.0025
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2021/07/14 1:40 p.m. | 18 views

CVE-2021-33213

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...

AI score 6.4 | EPSS 0.0025
Exploits: 1 | References: 2
CNNVD
added 2021/07/14 12:0 a.m. | 2 views

Elements-IT HTTP Commander Path Traversal Vulnerability

Elements-IT HTTP Commander is a server-hosted, web-based file management solution from Elements-IT Germany. It provides basic functionality for working with files (creating, copying, deleting, etc.) and many other additional features, such as integration with cloud services, online editing of Offic...

CVSS 6.5 | AI score 6.8 | EPSS 0.00425
Exploits: 1 | References: 2
CNNVD
added 2021/07/14 12:0 a.m. | 2 views

Elements-IT HTTP Commander Cross-Site Scripting Vulnerability

Elements-IT HTTP Commander is a server-hosted, web-based file management solution from Elements-IT Germany. It provides basic functionality for working with files (creating, copying, deleting, etc.) and many other additional features, such as integration with cloud services, online editing of Offic...

CVSS 5.4 | AI score 5.6 | EPSS 0.0018
Exploits: 1 | References: 2
NVD
added 2020/11/04 3:15 p.m. | 10 views

CVE-2020-2318

Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 6.5 | AI score 6.5 | EPSS 0.00047
Exploits: 0 | References: 1
OSV
added 2020/11/04 3:15 p.m. | 13 views

CVE-2020-2318

Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 6.5 | AI score 6.7
Exploits: 0 | References: 1