1217 matches found
HTTP File Server <2.3c - Remote Command Execution
HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...
FTP Fetch, Windows Reverse HTTP Stager (winhttp)
Fetch and execute an x86 payload from an FTP server. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/ftp/x86/dllinject/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp show...
FTP Fetch, Windows shellcode stage, Windows x86 Reverse Named Pipe (SMB) Stager
Fetch and execute an x86 payload from an FTP server. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/ftp/x86/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set ACTION...
Rejetto HTTP File Server - Template injection
This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...
CVE-2026-53026 NFSD: fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg
In the Linux kernel, the following vulnerability has been resolved: NFSD: fix nfs4file access extra count in nfsd4addrdaccesstowrdeleg In nfsd4addrdaccesstowrdeleg, if fp-fifdsORDONLY is already set by another thread, nfs4filegetaccess should not be called to increment the nfs4file access count...
CVE-2026-52944
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two...
CVE-2026-52844
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can bypass Caddy...
CVE-2026-52844
CVE-2026-52844 describes a Windows-specific path handling bug in Caddy prior to 2.11.4 where path matchers do not normalize backslashes, causing a request like /private%5csecret.txt to bypass path-scoped auth and reach the protected file, e.g., /private/*, through file_server. The issue is exploi...
SUSE-SU-2026:2571-1 Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.121 fixes various security issues The following security issues were fixed: - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261640. - CVE-2026-31504: net: fix fanout UAF in packetrelease via NETDEVUP rac...
JLSEC-2026-617 Open redirect in the HTTP.jl static file server canonical redirects
Description The static file server's canonical 301 redirects index-file strip, directory trailing-slash add, and file trailing-slash strip built the Location header verbatim from the un-normalized request target. Request-target validation only requires a leading /, has no CTL bytes, and the...
JLSEC-2026-612 Path traversal in the HTTP.jl static file server via separator/absolute path segments
Description The static file server decoded the request path, split it on /, and rejected only segments exactly equal to . or ... Because URL-decoding ran before the / split, an encoded backslash %5c, a Windows drive specifier C:..., or a UNC prefix \host\share survived inside a single segment and...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the handler/router.go process. An attacker can access arbitrary files on the host filesystem by sending requests with percent-encoded backslashes %5C that bypass path sanitization. Details A Directory Traversal...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the getImageForOcclusion function. An attacker can access arbitrary files readable by the application process and exfiltrate their contents over the network by embedding malicious scripts in iframes within import...
GHSA-QRP7-CVWR-J2C6 Caddy: Windows `file_server` path authorization bypass via encoded backslash
Summary On Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can request /private%5csecret.txt and bypass Caddy path-scoped auth/deny routes protecting...
GHSA-WQP7-X3PW-XC5R Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
Summary When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...
PT-2026-48615
Name of the Vulnerable Software and Affected Versions Spring Integration versions 7.0.0 through 7.0.4 Spring Integration versions 6.5.0 through 6.5.8 Spring Integration versions 6.4.0 through 6.4.11 Spring Integration versions 6.3.0 through 6.3.14 Spring Integration versions 5.5.0 through 5.5.20...
CVE-2025-67223
The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...
CVE-2026-6593
A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...
CVE-2026-10216
A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...
[SECURITY] Fedora 43 Update: netatalk-4.4.3-1.fc43
Netatalk is a freely-available Open Source AFP file server. A NIX/BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server AFP. In addition to the AFP file server daemon, the following utility programs are also included: ad - AppleDouble...