Lucene search
K

1217 matches found

Nuclei
Nuclei
added yesterday43 views

HTTP File Server <2.3c - Remote Command Execution

HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...

10CVSS7.3AI score0.99323EPSS
Exploits23References5
Metasploit
Metasploit
added 4 days ago15 views

FTP Fetch, Windows Reverse HTTP Stager (winhttp)

Fetch and execute an x86 payload from an FTP server. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/ftp/x86/dllinject/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp show...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago22 views

FTP Fetch, Windows shellcode stage, Windows x86 Reverse Named Pipe (SMB) Stager

Fetch and execute an x86 payload from an FTP server. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/ftp/x86/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set ACTION...

6.2AI score
Exploits0
Nuclei
Nuclei
added 6 days ago210 views

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

9.8CVSS7.6AI score0.99485EPSS
Exploits20References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.28 views

CVE-2026-53026 NFSD: fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg

In the Linux kernel, the following vulnerability has been resolved: NFSD: fix nfs4file access extra count in nfsd4addrdaccesstowrdeleg In nfsd4addrdaccesstowrdeleg, if fp-fifdsORDONLY is already set by another thread, nfs4filegetaccess should not be called to increment the nfs4file access count...

7.5CVSS0.00432EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 10:17 a.m.14 views

CVE-2026-52944

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two...

5.5CVSS0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-52844

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can bypass Caddy...

7.5CVSS0.00409EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 5:50 p.m.16 views

CVE-2026-52844

CVE-2026-52844 describes a Windows-specific path handling bug in Caddy prior to 2.11.4 where path matchers do not normalize backslashes, causing a request like /private%5csecret.txt to bypass path-scoped auth and reach the protected file, e.g., /private/*, through file_server. The issue is exploi...

7.5CVSS5.9AI score0.00409EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/23 3:35 p.m.2 views

SUSE-SU-2026:2571-1 Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.121 fixes various security issues The following security issues were fixed: - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261640. - CVE-2026-31504: net: fix fanout UAF in packetrelease via NETDEVUP rac...

9.8CVSS5.9AI score0.0049EPSS
Exploits8References11
OSV
OSV
added 2026/06/23 12:59 p.m.7 views

JLSEC-2026-617 Open redirect in the HTTP.jl static file server canonical redirects

Description The static file server's canonical 301 redirects index-file strip, directory trailing-slash add, and file trailing-slash strip built the Location header verbatim from the un-normalized request target. Request-target validation only requires a leading /, has no CTL bytes, and the...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/23 12:59 p.m.6 views

JLSEC-2026-612 Path traversal in the HTTP.jl static file server via separator/absolute path segments

Description The static file server decoded the request path, split it on /, and rejected only segments exactly equal to . or ... Because URL-decoding ran before the / split, an encoded backslash %5c, a Windows drive specifier C:..., or a UNC prefix \host\share survived inside a single segment and...

6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/22 8:18 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the handler/router.go process. An attacker can access arbitrary files on the host filesystem by sending requests with percent-encoded backslashes %5C that bypass path sanitization. Details A Directory Traversal...

8.7CVSS6.5AI score0.00408EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 10:10 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the getImageForOcclusion function. An attacker can access arbitrary files readable by the application process and exfiltrate their contents over the network by embedding malicious scripts in iframes within import...

7.1CVSS6.5AI score0.00169EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 9:28 p.m.7 views

GHSA-QRP7-CVWR-J2C6 Caddy: Windows `file_server` path authorization bypass via encoded backslash

Summary On Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can request /private%5csecret.txt and bypass Caddy path-scoped auth/deny routes protecting...

7.5CVSS5.4AI score0.00409EPSS
Exploits1References2
OSV
OSV
added 2026/06/15 8:16 p.m.8 views

GHSA-WQP7-X3PW-XC5R Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Summary When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...

7.5CVSS5.6AI score0.00368EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.19 views

PT-2026-48615

Name of the Vulnerable Software and Affected Versions Spring Integration versions 7.0.0 through 7.0.4 Spring Integration versions 6.5.0 through 6.5.8 Spring Integration versions 6.4.0 through 6.4.11 Spring Integration versions 6.3.0 through 6.3.14 Spring Integration versions 5.5.0 through 5.5.20...

7.1CVSS5.9AI score0.0021EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2025-67223

The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...

7.5CVSS5.5AI score0.00631EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-6593

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...

5.1CVSS3.9AI score0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 4:16 a.m.12 views

CVE-2026-10216

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...

6.3CVSS0.00406EPSS
Exploits0References7
Fedora
Fedora
added 2026/05/31 1:14 a.m.14 views

[SECURITY] Fedora 43 Update: netatalk-4.4.3-1.fc43

Netatalk is a freely-available Open Source AFP file server. A NIX/BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server AFP. In addition to the AFP file server daemon, the following utility programs are also included: ad - AppleDouble...

9.9CVSS5.8AI score0.00516EPSS
Exploits0
Rows per page
Query Builder