CVE-2019-5447
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders...
CVE-2019-5447
CVE-2019-5447 affects the http-file-server npm module (versions
PT-2019-17676 · Unknown · Http File Server
Name of the Vulnerable Software and Affected Versions: http-file-server versions <= 0.2.6. Description: A path traversal issue allows attackers to list files in arbitrary folders. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relati...
Serve-here.js path traversal vulnerability
serve-here.js is an HTTP static file server. A path traversal vulnerability in serve-here.js v1.1.3 and prior versions, which arises from a failure of a networked system or product to properly filter for special elements in the path of a resource or file, can be exploited by an attacker to access...
Directory Traversal
http-file-server is vulnerable to directory traversal. It does not prevent the use of ../ in the path name of URL, allowing an attacker to list any files or folder in another folder of web root...
Rejetto HTTP File Server Remote Code Execution (CVE-2014-6287)
A remote code execution vulnerability exists in Rejetto HTTP File Server. This vulnerability is due to a regular expression that fails to handle null bytes. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to a target server...
Servicing stack update for Windows 10, Version 1903: May 14, 2019
Servicing stack update for Windows 10, Version 1903: May 14, 2019 Summary This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Key changes include: Addresses an issue that may prevent updates from installing when using an...
CVE-2018-20014
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application...
GHSA-886V-MM6P-4M66 High severity vulnerability that affects gun
Urgent Upgrade The static file server module included with GUN had a serious vulnerability: - Using curl --path-as-is allowed reads on any parent directory or files. This did not work via the browser or via curl without as-is option. Fixed This has been fixed since version 0.2019.416 and higher...
VulnCheck KEV: CVE-2014-6287
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server HFS or HttpFileServer allows remote attackers to execute arbitrary programs...
50k Servers Infected with Cryptomining Malware in Nansh0u Campaign
Up to 50,000 servers were infected over the past four months as part of a high-profile cryptojacking campaign, believed to be orchestrated by Chinese-language adversaries. Researchers with Guardicore Labs, who disclosed the campaign Wednesday, said that the Nansh0u campaign named due to a text file...
What’s Behind the Wolters Kluwer Tax Outage?
Early in the afternoon on Friday, May 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH's...
Node.js third-party modules: [http-file-server] Stored XSS in the filename when directories listing
I would like to report Stored XSS in module "http-file-server". It allows to inject malicious scripts in the file name, store them on the server, then execute these scripts in the browser via the XSS vulnerability. Module module name: http-file-server version: 0.2.6 npm page:...
Node.js third-party modules: [http-file-server] List any files and sub folders in the folder by using path traversal.
I would like to report Path Traversal in http-file-server. It allows to list any files and sub folders in another folder of web root. Module module name: http-file-server version: 0.2.6 npm page: https://www.npmjs.com/package/http-file-server Vulnerability Vulnerability Description http-file-serv...
Node.js third-party modules: [statichttpserver] List any file in the folder by using path traversal.
I would like to report Path Traversal in statichttpserver. It allows to list any file in another folder of web root. Module module name: statichttpserver version: 0.9.7 npm page: https://www.npmjs.com/package/statichttpserver Module Description 'statichttpserver' is inspired by SimpleHTTPServer.p...
Denial Of Service (DoS)
samba is vulnerable to denial of service. The Samba file server daemon did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cau...
buttle npm package cross-site scripting vulnerability
buttle npm package is a static file server. A cross-site scripting vulnerability exists in version 0.2.0 of the buttle npm package, which stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...
Node.js third-party modules: [file-browser] Inadequate Output Encoding and Escaping
I would like to report stored XSS in file-browser module. It allows an attacker to embed malicious JS code as filenames, which get executed once browsed to the file over the web browser. Module module name: file-browser version: 0.0.5 npm page: https://www.npmjs.com/package/file-browser Module...
mIRC Remote Command Execution
Exploit Title: RCE on mIRC 7.55 using argument injection through custom URI protocol handlers Date: 18/02/2019 Exploit Author: https://twitter.com/proofofcalc/ Vendor Homepage: https://www.mirc.com Software Link: https://www.mirc.com/get.php Version: 7.55 Tested on: Windows CVE : CVE-2019-6453 RC...