
1173 matches found

Positive Technologies
added 2024/12/18 12:0 a.m. · 2 views

PT-2024-33487 · Misskey · Misskey

Name of the Vulnerable Software and Affected Versions: Misskey versions 2024.10.1 or earlier Description: Misskey is an open source, federated social media platform. In affected versions, the FileServerService media proxy did not detect proxy loops, allowing remote actors to execute a...

CVSS 7.4 · AI score 7.2 · EPSS 0.00195
Exploits: 0 · References: 5
GithubExploit
added 2024/11/23 3:59 a.m. · 262 views

Exploit for Code Injection in Rejetto Http_File_Server

CVE-2024-23692-poc CVE-2024-23692 is a template injection vu...

CVSS 9.8 · AI score 7.8 · EPSS 0.94297
Exploits: 20
CVE
added 2024/11/22 3:37 p.m. · 70 views

CVE-2024-52793

The CVE affects the Deno Standard Library, specifically http/file-server.serveDir with showDirListing: true on POSIX systems, where file names controlled by an attacker can trigger cross-site scripting. Versions prior to 1.0.11 are affected; 1.0.11 fixes the issue. Exploitation is documented as p...

CVSS 5.1 · AI score 5.9 · EPSS 0.00191
Exploits: 0 · References: 3
Vulnrichment
added 2024/11/22 3:37 p.m. · 21 views

CVE-2024-52793 XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems

The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...

CVSS 5.1 · AI score 6.2 · EPSS 0.00191
Exploits: 0 · References: 3
Positive Technologies
added 2024/11/22 12:0 a.m. · 4 views

PT-2024-35445 · Deno · Deno Standard Library

Name of the Vulnerable Software and Affected Versions: Deno Standard Library versions prior to 1.0.11 Description: The issue affects the Deno Standard Library, specifically the http/file-server module's serveDir function when used with the showDirListing: true option. This setup is vulnerable to...

CVSS 5.1 · AI score 6.2 · EPSS 0.00191
Exploits: 0 · References: 5
Veracode
added 2024/11/18 7:53 a.m. · 6 views

Arbitrary File Read

Gradio is vulnerable to Arbitrary File Read. The vulnerability is due to improper handling of File or UploadButton components, allowing attackers to read arbitrary files from the application server...

CVSS 6.5 · AI score 6.7 · EPSS 0.00275
Exploits: 1 · References: 2 · Affected Software: 1
Tenable Nessus
added 2024/11/15 12:0 a.m. · 9 views

Rejetto HTTP File Server 2.x <= 2.3m RCE (CVE-2024-23692) (direct check)

Binary data rejettohfsrceCVE-2024-23692.nbin...

CVSS 9.8 · AI score 9.7 · EPSS 0.94297
Exploits: 20 · References: 2
CNNVD
added 2024/11/14 12:0 a.m. · 2 views

OpenAFS Security Vulnerability

OpenAFS is an open source set of distributed file systems. It allows files and resources to be shared between systems over LANs and WANs. A security vulnerability exists in OpenAFS, which stems from the fact that an authenticated user can provide an incorrectly formatted ACL to a file...

CVSS 6.5 · AI score 6.2 · EPSS 0.00185
Exploits: 0 · References: 6
Tenable Nessus
added 2024/09/05 12:0 a.m. · 56 views

Rejetto HTTP File Server 2.x <= 2.3m RCE (CVE-2024-23692)

The version of Rejetto HTTP File Server installed on the remote host is 2.x up to 2.3m. It is, therefore, affected by a vulnerability: - Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote,...

CVSS 9.8 · AI score 9 · EPSS 0.94297
Exploits: 20 · References: 2
Packet Storm
added 2024/08/31 12:0 a.m. · 188 views

WPAD.dat File Server

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WPAD.dat File Server', 'Description' = %q This module generates a valid wpad.dat file for WPAD mitm attacks. Usually this module is used in...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2024/08/14 12:0 a.m. · 3 views

Rejetto HTTP File Server (HFS) Service Detection

Binary data rejettohttpfileserverdetect.nbin...

AI score 7.3
Exploits: 0 · References: 1
RedHat Linux
added 2024/08/13 2:30 p.m. · 0 views

kernel: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes

A vulnerability was found in the Linux kernel's NFSD, specifically in the handling of large file sizes during NFSv3 SETATTR and CREATE operations. The ia_size field, being a signed 64-bit type, can lead to unexpected behavior when clients send size values larger than the maximum allowed. This...

CVSS 5.5 · AI score 7.2 · EPSS 0.00013
Exploits: 0 · References: 5
SUSE CVE
added 2024/08/09 1:39 a.m. · 2 views

SUSE CVE-2024-42256

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry. When a subrequest is marked for needing retry, netfs will call cifs_prepare_write() which will make cifs repick the server for the op before renegotiating credits; it then calls...

CVSS 9.8 · AI score 7.7 · EPSS 0.00094
Exploits: 0 · References: 3
The Hacker News
added 2024/07/23 9:3 a.m. · 42 views

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware

The Computer Emergency Response Team of Ukraine CERT-UA has alerted of a spear-phishing campaign that targeted a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which...

CVSS 9.8 · AI score 6.8 · EPSS 0.94297
Exploits: 20
Saint
added 2024/07/10 12:0 a.m. · 137 views

Rejetto HTTP File Server template injection

Added: 07/10/2024 Background Rejetto HTTP File Server is a web-based file system application. Problem A template injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted GET request. Resolution Upgrade to a version higher than HTTP File Server H...

AI score 8.6
Exploits: 0
Saint
added 2024/07/10 12:0 a.m. · 105 views

Rejetto HTTP File Server template injection

Added: 07/10/2024 Background Rejetto HTTP File Server is a web-based file system application. Problem A template injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted GET request. Resolution Upgrade to a version higher than HTTP File Server H...

AI score 8.6
Exploits: 0
Fedora
added 2024/07/09 1:55 a.m. · 13 views

[SECURITY] Fedora 40 Update: netatalk-3.2.1-1.fc40

Netatalk is a freely-available Open Source AFP file server. A NIX/BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server AFP...

CVSS 9.8 · AI score 6.9 · EPSS 0.00718
Exploits: 3
CISA KEV Catalog
added 2024/07/09 12:0 a.m. · 25 views

Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability

Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request...

CVSS 9.8 · AI score 7.3 · EPSS 0.94297
In wild · Exploits: 20
OSV
added 2024/07/04 11:15 p.m. · 12 views

CVE-2024-39943

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users if they have Upload permissions. This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js)...

CVSS 8.8 · AI score 6.9
Exploits: 0 · References: 3
The Hacker News
added 2024/07/04 9:10 a.m. · 67 views

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service DoS condition. "The remote code execution vulnerability in PanelView Plus involves two custom...

CVSS 9.8 · AI score 8.6 · EPSS 0.94297
Exploits: 20