1173 matches found
mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Vulnerability
Exploit Title: RCE on mIRC 7.55 using argument injection through custom URI protocol handlers Date: 18/02/2019 Exploit Author: https://twitter.com/proofofcalc/ Vendor Homepage: https://www.mirc.com Software Link: https://www.mirc.com/get.php Version: 7.55 Tested on: Windows CVE : CVE-2019-6453 RC...
CVE-2018-11798
A flaw was found in the Node.js static web server in Apache Thrift, where it allowed a remote user to access files outside of the set web servers' docroot path. An attacker could use this flaw to possibly access unauthorized files and sensitive information...
Stored Cross-Site Scripting
Overview: All versions of tianma-static are vulnerable to stored cross-site scripting (XSS). The vulnerability is exploitable if a user can control the name of a file that is served by tianma-static. Recommendation: As no fix is available for this vulnerability at this time, it is our recommendation to...
Path Traversal
Overview: All versions of takeapeek are vulnerable to path traversal, exposing files and directories. Recommendation: As no fix is currently available for this vulnerability, it is our recommendation to use another static file server. References - HackerOne Report - Node.js Security-wg - GitHub...
GHSA-23XP-J737-282V Path Traversal in takeapeek
All versions of takeapeek are vulnerable to path traversal, exposing files and directories. Recommendation: As no fix is currently available for this vulnerability, it is our recommendation to use another static file server...
Path Traversal in takeapeek
All versions of takeapeek are vulnerable to path traversal, exposing files and directories. Recommendation: As no fix is currently available for this vulnerability, it is our recommendation to use another static file server...
Stored Cross-Site Scripting in tianma-static
All versions of tianma-static are vulnerable to stored cross-site scripting (XSS). The vulnerability is exploitable if a user can control the name of a file that is served by tianma-static. Recommendation: As no fix is available for this vulnerability at this time, it is our recommendation to use...
Directory Traversal in augustine
Affected versions of augustine resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Proof of...
Path Traversal in general-file-server
All versions of general-file-server are vulnerable to path traversal. Recommendation: No fix is currently available for this vulnerability. It is our recommendation to not use this module until a fix has been provided...
GHSA-WV2F-3RXV-JQHP Path Traversal in general-file-server
All versions of general-file-server are vulnerable to path traversal. Recommendation: No fix is currently available for this vulnerability. It is our recommendation to not use this module until a fix has been provided...
Directory Traversal in tmock
tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. Example request: GET /../../../../../../../../../../etc/passwd HTTP/1.1 host: localhost and server response: HTTP/1.1 200 OK Date:...
GHSA-J6W4-PG6P-5MRV Directory Traversal in tmock
tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. Example request: GET /../../../../../../../../../../etc/passwd HTTP/1.1 host: localhost and server response: HTTP/1.1 200 OK Date:...
Directory Traversal in intsol-package
intsol-package is a file server. intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. Example request: GET /../../../../../../../../../../etc/passwd HTTP/1.1 host:localhost and the server's response: HTTP/1....
GHSA-VFP9-GWRH-WQ9G Path Traversal in crud-file-server
Versions of crud-file-server prior to 0.9.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: Upgrade to version 0.9.0 or later...
GHSA-H24F-9MM4-W336 Cross-site Scripting (XSS) - Stored in crud-file-server
Versions of crud-file-server before 0.8.0 are vulnerable to stored cross-site scripting (XSS). This is due to insufficient sanitization of filenames when a directory index is served by crud-file-server. Recommendation: Update to version 0.8.0 or later...
Cross-site Scripting (XSS) - Stored in crud-file-server
Versions of crud-file-server before 0.8.0 are vulnerable to stored cross-site scripting (XSS). This is due to insufficient sanitization of filenames when a directory index is served by crud-file-server. Recommendation: Update to version 0.8.0 or later...
CVE-2016-9483
The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obta...
tmock Directory Traversal Vulnerability
tmock is a static file server. A directory traversal vulnerability exists in tmock. An attacker can exploit this vulnerability to gain access to the file system by placing a '../' sequence in a URL...
nodeaaaaa Directory Traversal Vulnerability
nodeaaaaa is a static file server. A directory traversal vulnerability exists in nodeaaaaa. An attacker can gain access to the file system by placing a '../' sequence in a URL...
Welcomyzt Path Traversal Vulnerability
welcomyzt is a file server. A path traversal vulnerability exists in welcomyzt. An attacker could gain access to the file system by placing a '../' sequence in a URL...