1207 matches found
CVE-2017-16106
CVE-2017-16106: The static file server tmock is vulnerable to a directory traversal via URLs containing "../", allowing access to the filesystem (e.g., reading /etc/passwd). Several connected advisories confirm this issue and indicate there is no patch available; the guidance is to restrict tm...
CVE-2017-16190
dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
CVE-2017-16139
CVE-2017-16139 affects the jikes file server. The vulnerability is a directory traversal flaw in path resolution that allows an attacker to access the filesystem by placing sequences like "../" in the URL. The initial description notes that accessible files are restricted to those with .htm and ....
CVE-2017-16221
CVE-2017-16221 concerns the simple file server yzt, where a directory traversal vulnerability allows an attacker to access the filesystem by placing "../" in the URL. The issue stems from how relative file paths are resolved, enabling access to files outside the intended directory root. This vul...
CVE-2017-16176
The CVE concerns jansenstuffpleasework, a file server, with a directory traversal vulnerability exploitable by placing sequences like ../ in the URL to access the filesystem. Multiple connected sources confirm the issue and demonstrate that affected versions resolve relative file paths, permittin...
CVE-2017-16178
Summary: CVE-2017-16178 affects the intsol-package file server and is a directory traversal vulnerability that allows an attacker to access the filesystem by including "../" in the URL. The issue is documented across multiple sources (NVD entry and advisories) with concrete description and exampl...
CVE-2017-16181
CVE-2017-16181 affects the static file server wintiwebdev. The vulnerability is a directory traversal flaw that lets an attacker access the filesystem by requesting URLs containing ../ sequences. This is confirmed across multiple sources (NVD entry for CVE-2017-16181 and related advisories). Impa...
CVE-2017-16212
Summary: CVE-2017-16212 affects the static file server named ltt, with a directory traversal vulnerability that can be triggered by including relative paths (e.g., "../../"). Public details in connected advisories (GHSA-5JG5-W395-9684, Veracode, CNVD, etc.) describe that affected versions of ltt...
CVE-2017-16219
CVE-2017-16219 concerns the static file server yttivy, where a directory traversal flaw allows an attacker to access files outside the intended directory by using relative paths (e.g., ../../). The issue is triggered by how yttivy resolves relative file paths in requests, enabling potential disc...
CVE-2017-16193
CVE-2017-16193 affects the static file server mfrs. The vulnerability is a directory traversal flaw where a URL containing "../" (and variants) allows access to files outside the intended root. Public documents confirm the root cause is improper resolution of relative file paths, enabling potent...
CVE-2017-16177
CVE-2017-16177 affects chatbyvista (a file server). The vulnerability is a directory traversal flaw triggered by crafted URLs that include path segments like ../, allowing access to the filesystem outside the intended directory. The CVE entry documents this vulnerability with a medium to high imp...
CVE-2017-16175
CVE-2017-16175 concerns a vulnerability in the file server ewgaddis.lab6 where a directory traversal flaw allows an attacker to access the filesystem by placing ".." in the URL (e.g., ../../). Connected sources repeatedly state that the vulnerability stems from improper path resolution, enabling ...
CVE-2017-16197
qinserve is a static file server. qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
CVE-2017-16183
iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
CVE-2017-16148
The CVE-2017-16148 entry concerns the static file server serve46. The connected advisories document a directory traversal vulnerability where a URL containing relative path segments (for example, ../../) can cause the server to disclose files outside the intended directory. The vulnerability aff...
fancy-server path traversal vulnerability
fancy-server is a static file server. A path traversal vulnerability exists in versions of fancy-server prior to 0.1.4. An attacker can exploit this vulnerability by submitting input, e.g. '../', to read files from other directories...
yttivy directory traversal vulnerability
yttivy is a static file server. A directory traversal vulnerability exists in yttivy. An attacker can exploit this vulnerability by placing a '../' sequence in a URL to gain access to the file system...
dgard8.lab6 Directory Traversal Vulnerability
dgard8.lab6 is a static file server. A directory traversal vulnerability exists in dgard8.lab6. An attacker can exploit this vulnerability by placing "../" in a URL to access the file system...
PT-2018-16150 · Unknown · Crud-File-Server
Name of the Vulnerable Software and Affected Versions: crud-file-server versions prior to 0.8.0
Description: The issue is related to a lack of validation of file names, leading to a Cross-Site Scripting vulnerability. This is due to insufficient sanitization of filenames when the directory index ...
Directory traversal
Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as ../ to read files outside of the served directory...