1173 matches found

CNVD
added 2021/04/27 12:0 a.m., 3 views

SQL Injection Vulnerability in File Server Configuration Management System of UFIDA Network Technology Co.

Founded in 1988, UFIDA is a global provider of advanced cloud services, software, and financial services for enterprises and public organizations. A SQL injection vulnerability exists in the File Server Configuration Management System of UFIDA Network Technology Co., Ltd. that can be exploited by...

7.5 AI score
Exploits 0
NCSC
added 2021/04/07 12:0 a.m., 1 views

Vulnerabilities fixed in xen

Vulnerabilities have been fixed in xen. The vulnerabilities allow a malicious party the ability to launch a Denial-of-Service on the host system. The malicious party is able to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12 and 15. fixes in SU...

5.5 CVSS, 7.1 AI score, 0.00045 EPSS
Exploits 0
Packet Storm
added 2021/04/05 12:0 a.m., 384 views

Trojan.Win32.Sharer.h Buffer Overflow / Denial Of Service / Heap Corruption

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9f80c3b1e7f5f6f7d0c8aea25fe83551C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Sharer.h Vulnerability: Known Vulnerable Component - Heap Corruption Description:...

5 CVSS, 0.9 AI score, 0.07354 EPSS
Exploits 5
Microsoft CVE
added 2021/03/09 8:0 a.m., 79 views

Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting anothe...

7.8 CVSS, 4.1 AI score, 0.00338 EPSS
Exploits 0
Exploit DB
added 2021/02/23 12:0 a.m., 1441 views

HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)

Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...

10 CVSS, 9.5 AI score, 0.94361 EPSS
Exploits 23
Packet Storm
added 2021/02/23 12:0 a.m., 802 views

HFS (HTTP File Server) 2.3.x Remote Code Execution

Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...

7.5 CVSS, 9.5 AI score, 0.94361 EPSS
Exploits 23
0day.today
added 2021/02/23 12:0 a.m., 242 views

HFS Http File Server 2.3.x - Remote Command Execution Exploit (3)

Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows Server 2012 R2...

9.8 CVSS, 9.8 AI score, 0.94361 EPSS
Exploits 23
CNVD
added 2021/02/05 12:0 a.m., 7 views

SolarWinds Serv-U File Server Cross-Site Scripting Vulnerability (CNVD-2021-14808)

Solarwinds SolarWinds Serv-U File Server is a file transfer server from SolarWinds USA. A cross-site scripting vulnerability exists in SolarWinds Serv-U File Server before 15.2.2, which stems from a WEB application lacking proper authentication of client data. An authenticated attacker could...

5.4 CVSS, 5.3 AI score, 0.0163 EPSS
Exploits 2, References 1
CNNVD
added 2021/02/03 12:0 a.m., 3 views

SolarWinds Serv-U File Server Security Vulnerability

Solarwinds SolarWinds Serv-U File Server is a file transfer server from SolarWinds USA. A security vulnerability exists in SolarWinds Serv-U File Server before 15.2.2 that allows unauthenticated macro injection...

9.8 CVSS, 7.2 AI score, 0.04459 EPSS
Exploits 0, References 2
CNNVD
added 2021/02/03 12:0 a.m., 4 views

SolarWinds Serv-U File Server Cross-Site Scripting Vulnerability

Solarwinds SolarWinds Serv-U File Server is a file transfer server from SolarWinds USA. A cross-site scripting vulnerability exists in SolarWinds Serv-U File Server before 15.2.2, which stems from a WEB application lacking proper authentication of client data. An authenticated attacker could...

5.4 CVSS, 5.9 AI score, 0.0163 EPSS
Exploits 2, References 6
Prion
added 2021/02/02 7:15 p.m., 18 views

Design/Logic Flaw

OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in...

5.8 CVSS, 6.3 AI score, 0.0024 EPSS
Exploits 1, References 4, Affected Software 1
CVE
added 2021/02/02 7:5 p.m., 84 views

CVE-2021-21291

CVE-2021-21291: OAuth2 Proxy (open-source reverse proxy) before v7.0.0 had a vulnerability in the whitelist-domain feature where a domain matched for redirects could be broader than intended (e.g., .example.com could match example.com and badexample.com). This could allow unintended redirects. Im...

6.1 CVSS, 5.5 AI score, 0.0024 EPSS
Exploits 1, References 4, Affected Software 1
OSV
added 2021/01/06 1:15 a.m., 2 views

CVE-2020-36164

An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file which does not exist at the following locations in both the System drive (typically C:\) and the product's...

8.8 CVSS, 7.8 AI score, 0.00049 EPSS
Exploits 0, References 1
Cvelist
added 2021/01/06 12:52 a.m., 22 views

CVE-2020-36164

An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file which does not exist at the following locations in both the System drive (typically C:\) and the product's...

9.3 CVSS, 9.3 AI score, 0.00049 EPSS
Exploits 0, References 1
CNVD
added 2020/11/24 12:0 a.m., 15 views

WinSCP Buffer Overflow Vulnerability

WinSCP is a free open source SFTP, FTP, WebDAV, Amazon S3 and SCP client for Microsoft Windows. A buffer overflow vulnerability exists in WinSCP 5.17.8. An attacker can exploit this vulnerability to cause a denial of service via a malicious FTP server via a long filename...

9.8 CVSS, 7.1 AI score, 0.01867 EPSS
Exploits 0, References 1
Samba
added 2020/09/18 12:0 a.m., 775 views

Unauthenticated domain takeover via netlogon ("ZeroLogon")

Description: The following applies to Samba used as domain controller only (most seriously the Active Directory DC, but also the classic/NT4-style DC). Installations running Samba as a file server only are not directly affected by this flaw, though they may need configuration changes to continue to...

10 CVSS, 7.1 AI score, 0.9438 EPSS
Exploits 75
OSV
added 2020/08/31 10:53 p.m., 13 views

GHSA-44G9-W23C-5RW7 Directory Traversal in nhouston

All versions of the static file server module nhouston are vulnerable to directory traversal. An attacker can provide input such as ../ to read files outside of the served directory. Recommendation: It is recommended that a different module be used, as we have been unable to reach the maintainer...

5.3 CVSS, 6.4 AI score
Exploits 0, References 4
Github Security Blog
added 2020/08/31 10:53 p.m., 36 views

Directory Traversal in nhouston

All versions of the static file server module nhouston are vulnerable to directory traversal. An attacker can provide input such as ../ to read files outside of the served directory. Recommendation: It is recommended that a different module be used, as we have been unable to reach the maintainer...

4.7 AI score
Exploits 0, References 5, Affected Software 1
NVD
added 2020/08/17 7:15 p.m., 13 views

CVE-2020-1517

An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to...

7.8 CVSS, 8.6 AI score, 0.00541 EPSS
Exploits 0, References 1
NVD
added 2020/08/17 7:15 p.m., 15 views

CVE-2020-1518

An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to...

7.8 CVSS, 8.6 AI score, 0.00408 EPSS
Exploits 0, References 1