1207 matches found
PCMan FTP Server Security Vulnerability
PCMan FTP Server is an open-source FTP server package from PCMan. A buffer overflow vulnerability exists in PCMan FTP Server that stems from a failure to properly validate input when processing a specific request. No vulnerability details are provided at this time...
Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)
Exploit Title: Rejetto HTTP File Server 2.3m - Remote Code Execution RCE Fofa Dork: "HttpFileServer" && server=="HFS 2.3m" Date: 2024-09-22 Exploit Author: VeryLazyTech GitHub: https://github.com/verylazytech/CVE-2024-23692 Vendor Homepage: http://rejetto.com/hfs/ Software Link:...
CVE-2025-27610
Rack::Static in Rack (Ruby) is vulnerable to Local File Inclusion due to improper sanitization of user-supplied paths, allowing access to files under the configured root. The affected versions are prior to 2.2.13, 3.0.14, and 3.1.12, which contain the patch. The vulnerability enables traversal vi...
Local File Inclusion in Rack::Static
Summary: Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. Details: The vulnerability occurs because Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically,...
Exploit for Code Injection in Rejetto Http_File_Server
This is a PoC exploit for CVE-2024-23692, a remote code executio...
CVE-2025-27098
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...
CVE-2021-35223
The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution...
CVE-2022-36974
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File...
CVE-2024-0352
A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to...
Updated openafs packages fix security vulnerabilities
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in the Unix client (CVE-2024-10394). An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash (CVE-2024-10396). A malicious server can crash the OpenAFS cac...
PT-2024-33487 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions 2024.10.1 or earlier Description: Misskey is an open source, federated social media platform. In affected versions, the FileServerService media proxy did not detect proxy loops, allowing remote actors to execute a...
Exploit for Code Injection in Rejetto Http_File_Server
CVE-2024-23692-poc CVE-2024-23692 is a template injection vu...
CVE-2024-52793
The CVE affects the Deno Standard Library, specifically http/file-server.serveDir with showDirListing: true on POSIX systems, where file names controlled by an attacker can trigger cross-site scripting. Versions prior to 1.0.11 are affected; 1.0.11 fixes the issue. Exploitation is documented as p...
CVE-2024-52793 XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems
The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...
PT-2024-35445 · Deno · Deno Standard Library
Name of the Vulnerable Software and Affected Versions: Deno Standard Library versions prior to 1.0.11 Description: The issue affects the Deno Standard Library, specifically the http/file-server module's serveDir function when used with the showDirListing: true option. This setup is vulnerable to...
Arbitrary File Read
Gradio is vulnerable to Arbitrary File Read. The vulnerability is due to improper handling of File or UploadButton components, allowing attackers to read arbitrary files from the application server...
Rejetto HTTP File Server 2.x <= 2.3m RCE (CVE-2024-23692) (direct check)
Binary data rejettohfsrceCVE-2024-23692.nbin...
OpenAFS Security Vulnerability
OpenAFS is an open-source distributed file system. It allows files and resources to be shared between systems over LANs and WANs. A security vulnerability exists in OpenAFS, which stems from the fact that an authenticated user can provide an incorrectly formatted ACL to a file...
The vulnerability in the Xlight file server exists due to an error caused by an integer overflow, allowing attackers to execute arbitrary code by sending specially crafted SFTP packets.
The vulnerability in the Xlight file server exists due to an error caused by an integer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially crafted SFTP packets...
Rejetto HTTP File Server 2.x <= 2.3m RCE (CVE-2024-23692)
The version of Rejetto HTTP File Server installed on the remote host is 2.x up to 2.3m. It is, therefore, affected by a vulnerability: - Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote,...