1207 matches found

CNVD
added 2019/07/17 12:0 a.m. · 2 views

http-file-server path traversal vulnerability

http-file-server is an HTTP file server. A path traversal vulnerability exists in http-file-server. The vulnerability stems from a failure of a network system or product to properly filter special elements in the path of a resource or file. An attacker could use this vulnerability to access...

CVSS 5.3 · AI score 6.9 · EPSS 0.01502
Exploits 1 · References 1

OSV
added 2019/07/16 12:41 a.m. · 10 views

GHSA-2MP5-M968-GWR2 Path Traversal in http-file-server

All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: No fix is currently available. Consider using an alternative package until a fix is ma...

CVSS 5.3 · AI score 5.1 · EPSS 0.01502
Exploits 1 · References 3

Github Security Blog
added 2019/07/16 12:41 a.m. · 20 views

Path Traversal in http-file-server

All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: No fix is currently available. Consider using an alternative package until a fix is ma...

CVSS 5.3 · AI score 5.2 · EPSS 0.01502
Exploits 1 · References 4 · Affected Software 1

OSV
added 2019/07/15 6:15 p.m. · 1 views

CVE-2019-5447

A path traversal vulnerability in = v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders...

CVSS 5.3 · AI score 6.2 · EPSS 0.01502
Exploits 1 · References 1

Prion
added 2019/07/15 6:15 p.m. · 15 views

Path traversal

A path traversal vulnerability in = v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders...

CVSS 5 · AI score 5.3 · EPSS 0.01502
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2019/07/15 5:57 p.m. · 22 views

CVE-2019-5447

A path traversal vulnerability in = v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders...

AI score 5.3 · EPSS 0.01502
Exploits 1 · References 1

CVE
added 2019/07/15 5:57 p.m. · 54 views

CVE-2019-5447

CVE-2019-5447 affects the http-file-server npm module (versions

CVSS 5.3 · AI score 5.2 · EPSS 0.01502
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2019/07/15 12:0 a.m. · 2 views

PT-2019-17676 · Unknown · Http File Server

Name of the Vulnerable Software and Affected Versions: http-file-server versions = 0.2.6 Description: A path traversal issue allows attackers to list files in arbitrary folders. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relati...

CVSS 5.3 · AI score 5.1 · EPSS 0.01502
Exploits 1 · References 4

CNVD
added 2019/07/12 12:0 a.m. · 1 views

Serve-here.js path traversal vulnerability

serve-here.js is an HTTP static file server. A path traversal vulnerability in serve-here.js v1.1.3 and prior versions, which arises from a failure of a networked system or product to properly filter for special elements in the path of a resource or file, can be exploited by an attacker to access...

CVSS 5.3 · AI score 6.9 · EPSS 0.01502
Exploits 1 · References 1

Veracode
added 2019/07/11 6:1 a.m. · 12 views

Directory Traversal

http-file-server is vulnerable to directory traversal. It does not prevent the use of ../ in the path name of URL, allowing an attacker to list any files or folder in another folder of web root...

CVSS 5.3 · AI score 5.3 · EPSS 0.01502
Exploits 1 · References 1 · Affected Software 1

Check Point Advisories
added 2019/06/17 12:0 a.m. · 25 views

Rejetto HTTP File Server Remote Code Execution (CVE-2014-6287)

A remote code execution vulnerability exists in Rejetto HTTP File Server. This vulnerability is due to a regular expression that fails to handle null bytes. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to a target server...

CVSS 10 · AI score 1.3 · EPSS 0.99323
Exploits 23

Microsoft KB
added 2019/06/08 12:0 a.m. · 59 views

Servicing stack update for Windows 10, Version 1903: May 14, 2019

Summary: This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Key changes include: Addresses an issue that may prevent updates from installing when using an...

AI score 6.4
Exploits 0

NVD
added 2019/06/07 4:29 p.m. · 25 views

CVE-2018-20014

In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application...

CVSS 7.5 · AI score 7.5 · EPSS 0.01376
Exploits 0 · References 2

OSV
added 2019/06/05 9:48 a.m. · 9 views

GHSA-886V-MM6P-4M66 High severity vulnerability that affects gun

Urgent Upgrade: The static file server module included with GUN had a serious vulnerability: using curl --path-as-is allowed reads on any parent directory or files. This did not work via the browser or via curl without as-is option. Fixed: This has been fixed since version 0.2019.416 and higher...

AI score 7
Exploits 0 · References 3

Github Security Blog
added 2019/06/05 9:48 a.m. · 11 views

High severity vulnerability that affects gun

Urgent Upgrade: The static file server module included with GUN had a serious vulnerability: using curl --path-as-is allowed reads on any parent directory or files. This did not work via the browser or via curl without as-is option. Fixed: This has been fixed since version 0.2019.416 and higher...

AI score 2.1
Exploits 0 · References 2 · Affected Software 1

VulnCheck KEV
added 2019/06/03 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2014-6287

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server HFS or HttpFileServer allows remote attackers to execute arbitrary programs...

CVSS 10 · AI score 7.5 · EPSS 0.99323
Exploits 23 · References 1

ThreatPost
added 2019/05/29 1:0 p.m. · 159 views

50k Servers Infected with Cryptomining Malware in Nansh0u Campaign

Up to 50,000 servers were infected over the past four months as part of a high-profile cryptojacking campaign, believed to be orchestrated by Chinese-language adversaries. Researchers with Guardicore Labs, who disclosed the campaign Wednesday, said that the Nansh0u campaign named due to a text file...

CVSS 7.2 · AI score 0.1 · EPSS 0.87042
Exploits 22 · References 6

Krebs on Security
added 2019/05/07 7:56 p.m. · 41 views

What’s Behind the Wolters Kluwer Tax Outage?

Early in the afternoon on Friday, May 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH's...

AI score 6.8
Exploits 0

Hacker One
added 2019/05/07 7:53 p.m. · 21 views

Node.js third-party modules: [http-file-server] Stored XSS in the filename when directories listing

I would like to report Stored XSS in module "http-file-server". It allows to inject malicious scripts in the file name, store them on the server, then execute these scripts in the browser via the XSS vulnerability. Module module name: http-file-server version: 0.2.6 npm page:...

CVSS 3.5 · AI score 5 · EPSS 0.00709
Exploits 1

Hacker One
added 2019/05/07 10:47 a.m. · 15 views

Node.js third-party modules: [http-file-server] List any files and sub folders in the folder by using path traversal.

I would like to report Path Traversal in http-file-server. It allows to list any files and sub folders in another folder of web root. Module module name: http-file-server version: 0.2.6 npm page: https://www.npmjs.com/package/http-file-server Vulnerability Vulnerability Description http-file-serv...

CVSS 5 · AI score 0.4 · EPSS 0.01502
Exploits 1