Job fails to create VSS snapshot for SMB share

Challenge A File Backup/file to tape job skips VSS snapshot creation on SMB share and ends with the following message in the log: Failed to create a VSS snapshot, failing over to direct backup from the file share A File Backup job for an SMB3 File Share configured to use Backup from a Microsoft V...

CVE-2019-19518

CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands...

CVE-2019-19518

CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands...

ecstatic denial of service vulnerability

ecstatic is a simple static file server middleware. A denial of service vulnerability exists in ecstatic. An attacker could exploit this vulnerability to cause the application to crash...

Denial of Service (DoS)

Overview ecstatic is a simple static file server middleware. Use it with a raw http server, express/connect or on the CLI. Affected versions of this package are vulnerable to Denial of Service DoS. It is possible to crash a server using the package due to the way URL params parsing is handled...

CVE-2019-19733

getallfileserverpaths.ajax.php aka getallfileserverpaths.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the fileIds parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS...

CVE-2019-19829

A cross-site scripting XSS vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182...

GHSA-85RF-XH54-WHP3 Malicious URL drafting attack against iodines static file server may allow path traversal

Impact A path traversal vulnerability was detected in iodine's static file service. This vulnerability effects any application running iodine's static file server on an effected iodine version. Malicious URL drafting may cause the static file server to attempt a response containing data from file...

Malicious URL drafting attack against iodines static file server may allow path traversal

Impact A path traversal vulnerability was detected in iodine's static file service. This vulnerability effects any application running iodine's static file server on an effected iodine version. Malicious URL drafting may cause the static file server to attempt a response containing data from file...

Malicious URL drafting attack against iodines static file server may allow path traversal

Impact A path traversal vulnerability was detected in iodine's static file service. This vulnerability effects any application running iodine's static file server on an effected iodine version. Malicious URL drafting may cause the static file server to attempt a response containing data from file...

Cross-Site Scripting

Overview All versions of http-file-server are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently availabl...

GHSA-7J93-2H6R-HM49 Cross-Site Scripting in http-file-server

All versions of http-file-server are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available. Consid...

Cross-Site Scripting in http-file-server

All versions of http-file-server are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available. Consid...

CVE-2019-5458

Cross-site scripting XSS vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

CVE-2019-5458

Cross-site scripting XSS vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

Cross site scripting

Cross-site scripting XSS vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

CVE-2019-5458

Cross-site scripting XSS vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

CVE-2019-5458

CVE-2019-5458 concerns the Node.js module http-file-server. All versions are vulnerable to a Cross-Site Scripting (XSS) flaw in directory listings: the server fails to sanitize filenames, allowing stored/reflective JavaScript in the victim’s browser when a user browses the listing. Evidence in co...

PT-2019-17687 · Unknown · Http File Server

Name of the Vulnerable Software and Affected Versions: http-file-server all versions Description: A cross-site scripting XSS issue allows an attacker with access to the server file system to execute arbitrary JavaScript code in a victim's browser. The package fails to sanitize filenames, enabling...

Path Traversal

Overview All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation No fix is currently available. Consider using an alternative package until a...