
1173 matches found

NVD
added 2025/09/16 5:15 p.m. · 1 views

CVE-2022-50351

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_create(). If the cifs already shutdown, we should free the xid before return, otherwise, the xid will be leaked...

CVSS 5.5 · EPSS 0.00017
Exploits 0 · References 3

Tenable Nessus
added 2025/09/02 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-22936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks,...

CVSS 8.8 · AI score 6.8 · EPSS 0.00107
Exploits 0 · References 2

Tenable Nessus
added 2025/09/01 12:0 a.m. · 3 views

Rejetto HTTP File Server 2.3x < 2.3c RCE

The version of Rejetto HTTP File Server installed on the remote host is 2.3x prior to 2.3c. It is, therefore, affected by a remote code execution vulnerability. The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote...

CVSS 10 · AI score 9.3 · EPSS 0.94361
Exploits 23 · References 2

NVD
added 2025/08/29 3:15 p.m. · 1 views

CVE-2025-9654

A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve...

CVSS 6.5 · EPSS 0.00456
Exploits 0 · References 5

CVE
added 2025/08/29 3:2 p.m. · 11 views

CVE-2025-9654

CVE-2025-9654 affects the AiondaDotCom mcp-ssh package (up to 1.0.3) with a vulnerability in the file server-simple.mjs that allows remote command injection via manipulated input. The root cause is improper handling in the server-simple.mjs path that enables execution of system commands through u...

CVSS 6.5 · AI score 6.8 · EPSS 0.00456
Exploits 0 · References 5

CNNVD
added 2025/08/29 12:0 a.m. · 2 views

MCP SSH Agent Security Vulnerability

MCP SSH Agent is an open source Model Context Protocol server for managing and controlling SSH connections from Aionda GmbH. A security vulnerability exists in MCP SSH Agent version 1.0.3 and earlier, which stems from a command injection in the file server-simple.mjs...

CVSS 6.5 · AI score 6.7 · EPSS 0.00456
Exploits 0 · References 7

GithubExploit
added 2025/08/23 1:37 a.m. · 178 views

Exploit for External Control of File Name or Path in Microsoft

CVE-2025-33053 POC Exploit Overview The working director...

CVSS 8.8 · AI score 9.7 · EPSS 0.50282
Exploits 10

NVD
added 2025/08/20 4:15 p.m. · 3 views

CVE-2010-20049

LeapFTP 3.1.x contains a stack-based buffer overflow vulnerability in its FTP client parser. When the client receives a directory listing containing a filename longer than 528 bytes, the application fails to properly bound-check the input and overwrites the Structured Exception Handler SEH chain...

CVSS 9.3 · EPSS 0.54242
Exploits 0 · References 5

Tenable Nessus
added 2025/08/20 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-32253

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a...

CVSS 5.9 · AI score 6.2 · EPSS 0.00154
Exploits 0 · References 3

OSV
added 2025/08/19 5:2 p.m. · 2 views

CVE-2025-38567 nfsd: avoid ref leak in nfsd_open_local_fh()

In the Linux kernel, the following vulnerability has been resolved: nfsd: avoid ref leak in nfsd_open_local_fh(). If two calls to nfsd_open_local_fh() race and both successfully call nfsd_file_acquire_local(), they will both get an extra reference to the net to accompany the file reference stored in pnf. One of...

CVSS 4.7 · AI score 5.9 · EPSS 0.00014
Exploits 0 · References 6

Exploit DB
added 2025/08/18 12:0 a.m. · 266 views

Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure

Exploit Title: Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure Date: 13/08/2025 Exploit Author: Ruben Enkaoua Author link: https://x.com/RubenLabs, https://github.com/rubenformation Original Blog: https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/...

CVSS 6.5 · AI score 7.4 · EPSS 0.24268
Exploits 19

Cvelist
added 2025/08/13 8:51 p.m. · 5 views

CVE-2011-10010 QuickShare File Server 1.2.1 Path Traversal RCE

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...

CVSS 9.4 · EPSS 0.57919
Exploits 0 · References 6

Vulnrichment
added 2025/08/13 8:51 p.m. · 3 views

CVE-2011-10010 QuickShare File Server 1.2.1 Path Traversal RCE

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...

CVSS 9.4 · AI score 8.3 · EPSS 0.57919
Exploits 0 · References 6

ATTACKERKB
added 2025/08/13 8:51 p.m. · 1 views

CVE-2011-10010

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...

CVSS 9.4 · AI score 6.5 · EPSS 0.57919
Exploits 0 · References 5

Positive Technologies
added 2025/08/13 12:0 a.m. · 3 views

PT-2025-33079 · Unknown · Quickshare File Server

Name of the Vulnerable Software and Affected Versions: QuickShare File Server version 1.2.1 Description: QuickShare File Server version 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this fla...

CVSS 9.4 · AI score 7.5 · EPSS 0.57919
Exploits 0 · References 9

CNNVD
added 2025/08/13 12:0 a.m. · 1 views

QuickShare File Server Security Vulnerability

QuickShare File Server is a file sharing server software from QuickShare, Inc. A security vulnerability exists in QuickShare File Server version 1.2.1, which stems from an improperly cleaned path to user-supplied files by the FTP service, which could lead to a path traversal attack...

CVSS 9.4 · AI score 6.6 · EPSS 0.57919
Exploits 0 · References 8

Tenable Nessus
added 2025/08/11 12:0 a.m. · 4 views

Rejetto HTTP File Server < 2.3c Remote Code Execution

Rejetto HTTP File Server versions prior to 2.3c are vulnerable to remote code execution. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. No source data...

CVSS 10 · AI score 8.8 · EPSS 0.94361
Exploits 23 · References 2

RedhatCVE
added 2025/08/04 9:33 a.m. · 7 views

CVE-2025-54796

Copyparty is a portable file server. In versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled, which is the default, an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...

CVSS 7.5 · AI score 7.1 · EPSS 0.00319
Exploits 1 · References 1

RedhatCVE
added 2025/08/02 8:23 p.m. · 4 views

CVE-2025-54589

Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at /?ru, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a...

CVSS 6.3 · AI score 6.2 · EPSS 0.0078
Exploits 3 · References 1

OSV
added 2025/08/01 11:38 p.m. · 4 views

CVE-2025-54796 Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page

Copyparty is a portable file server. In versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled, which is the default, an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...

CVSS 7.5 · AI score 6.6 · EPSS 0.00319
Exploits 1 · References 5