
1207 matches found

NVD
added 2018/05/31 8:29 p.m., 16 views

CVE-2014-10066

Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as ../ to read files outside of the served directory...

CVSS 7.5, AI score 7.4, EPSS 0.01606
Exploits: 0, References: 1

Cvelist
added 2018/05/31 8:0 p.m., 16 views

CVE-2014-10066

Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as ../ to read files outside of the served directory...

AI score 7.4, EPSS 0.01606
Exploits: 0, References: 1

CNVD
added 2018/05/30 12:0 a.m., 2 views

crud-file-server node module path traversal vulnerability

The crud-file-server node module is a file server that supports create, read, update and delete functions. A path traversal vulnerability exists in the crud-file-server node module prior to version 0.9.0, which stems from the program's failure to properly verify the url, and can be exploited by a...

CVSS 7.5, AI score 7.6, EPSS 0.02216
Exploits: 1, References: 1

NVD
added 2018/05/29 8:29 p.m., 28 views

CVE-2018-3733

crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path...

CVSS 7.5, AI score 7.4, EPSS 0.02216
Exploits: 1, References: 2

Prion
added 2018/05/29 8:29 p.m., 13 views

Path traversal

crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path...

CVSS 5, AI score 7.3, EPSS 0.02216
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2018/05/29 8:0 p.m., 61 views

CVE-2018-3733

The vulnerability CVE-2018-3733 affects the NodeJS package crud-file-server (prior to version 0.9.0). It stems from incorrect validation/sanitation of URLs, enabling a path traversal that lets an attacker read files outside the served directory. Impact is read access to arbitrary files with known...

CVSS 7.5, AI score 7.2, EPSS 0.02216
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2018/05/29 12:0 a.m., 3 views

PT-2018-16157 · Unknown · Crud-File-Server

Name of the Vulnerable Software and Affected Versions: crud-file-server versions prior to 0.9.0 Description: The issue arises from incorrect validation of URLs, allowing a malicious user to read the content of any file with a known path due to a Path Traversal vulnerability. This is because the...

CVSS 7.5, AI score 7.4, EPSS 0.02216
Exploits: 1, References: 7

Node.js
added 2018/04/24 3:50 p.m., 24 views

Path Traversal

Overview All versions of general-file-server are vulnerable to path traversal. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not use this module until a fix has been provided. References - HackerOne Report - GitHub Advisory...

CVSS 5, AI score 3.3, EPSS 0.01764
Exploits: 1, Affected Software: 1

Node.js
added 2018/04/20 9:40 p.m., 33 views

Cross-site Scripting (XSS) - Stored

Overview Versions of crud-file-server before 0.8.0 are vulnerable to stored cross-site scripting (XSS). This is due to insufficient sanitization of filenames when directory index is served by crud-file-server. Recommendation Update to version 0.8.0 or later. References - GitHub Commit 4155bfe -...

CVSS 4.3, AI score 2.9, EPSS 0.01046
Exploits: 1, Affected Software: 1

Veracode
added 2018/04/04 6:50 a.m., 14 views

Directory Traversal

crud-file-server is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...

CVSS 7.5, AI score 7.4, EPSS 0.02216
Exploits: 1, References: 3, Affected Software: 1

Veracode
added 2018/03/12 6:32 a.m., 16 views

Path Traversal

general-file-server is vulnerable to path traversal attacks. Using a string including ../, attackers can traverse the server and any file with a known path...

CVSS 7.5, AI score 7.3, EPSS 0.01764
Exploits: 1, References: 1, Affected Software: 1

Citrix
added 2018/03/01 12:0 a.m., 7 views

vDisk Lost Properties in PVS Console

vDisk lost properties in PVS console after moving the vDisk to an individual file server with MS DFS enabled; the vDisk is shown as No server and the file size cannot be identified...

AI score 7
Exploits: 0

Hacker One
added 2018/01/31 8:38 p.m., 53 views

Node.js third-party modules: [crud-file-server] Stored XSS in filenames when directory index is served by crud-file-server

Hi Guys, crud-file-server allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript. Module crud-file-server This package exposes a directory and its children to create, read, update, and delete operations over http...

CVSS 4.3, AI score 6.2, EPSS 0.01046
Exploits: 1

Hacker One
added 2018/01/31 1:35 p.m., 41 views

Node.js third-party modules: [general-file-server] Path Traversal vulnerability allows to read content on arbitrary file on the server

Hi Guys, There is Path Traversal in general-file-server module. It allows to read content of arbitrary files on the remote server. Module general-file-server This is a general file server made by nodejs. It will be easy for you to access the files on the server through the browser...

CVSS 5, AI score 0.3, EPSS 0.01764
Exploits: 1

Hacker One
added 2018/01/31 12:14 a.m., 90 views

Node.js third-party modules: [crud-file-server] Path Traversal allows to read arbitrary file from the server

Hi Guys, There is Path Traversal vulnerability in crud-file-server module, which allows to read arbitrary file from the remote server. Module crud-file-server This package exposes a directory and its children to create, read, update, and delete operations over http...

CVSS 5, AI score 7.3, EPSS 0.02216
Exploits: 1

Hacker One
added 2018/01/25 10:2 p.m., 119 views

Node.js third-party modules: [anywhere] An iframe element with url to malicious HTML file (with eg. JavaScript malware) can be used as filename and served via anywhere

Hi Guys, anywhere allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript. Module: Running static file server anywhere. https://www.npmjs.com/package/anywhere Description To embed malicious tag with JavaScript code to execute, / character is...

CVSS 3.5, AI score 5.9, EPSS 0.01315
Exploits: 1

Node.js
added 2018/01/23 4:29 p.m., 35 views

Directory Traversal

Overview Affected versions of augustine resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

AI score 6.6
Exploits: 0, Affected Software: 1

Github Security Blog
added 2017/12/28 10:52 p.m., 37 views

Denial of Service in ecstatic

ecstatic, a simple static file server middleware, is vulnerable to denial of service. If a payload with a large number of null bytes %00 is provided by an attacker it can crash ecstatic by running it out of memory. Results from the original advisory A payload of 22kB caused a lag of 1 second, A...

CVSS 7.8, AI score 2.8, EPSS 0.02557
Exploits: 1, References: 7, Affected Software: 1

CNVD
added 2017/12/18 12:0 a.m., 2 views

ecstatic npm package denial of service vulnerability

ecstatic npm package is a static file server middleware. A denial of service vulnerability exists in the lib/ecstatic.js file in versions of ecstatic npm package prior to 2.0.0. A remote attacker can exploit this vulnerability to cause a denial of service overload and crash by passing a malicious...

CVSS 7.8, AI score 6.7, EPSS 0.02557
Exploits: 1, References: 1

BDU FSTEC
added 2017/10/17 12:0 a.m., 5 views

The vulnerability of the reportId parameter in the getReportStatus method of the Kaspersky Anti-Virus for Linux File Server antivirus protection tool allows a hacker to access and read arbitrary files.

The vulnerability of the reportId parameter in the getReportStatus method of the Kaspersky Anti-Virus for Linux File Server antivirus tool is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to read arbitrary files wit...

CVSS 5, AI score 7.3, EPSS 0.11265
Exploits: 5, References: 6, Affected Software: 1