
87 matches found

CVE
added 2024/03/13 2:10 p.m. · 60 views

CVE-2024-25153

CVE-2024-25153 affects the FileCatalyst Workflow Web Portal’s ftpservlet, enabling a directory traversal that allows uploading files outside the intended uploadtemp directory. If a file lands in the web portal’s DocumentRoot, specially crafted JSPs could execute code, including web shells, leadin...

CVSS 9.8 · AI score 9.5 · EPSS 0.82216
Exploits: 4 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/03/13 2:10 p.m. · 21 views

CVE-2024-25153 Remote Code Execution in FileCatalyst Workflow 5.x prior to 5.1.6 Build 114

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially craft...

CVSS 9.8 · AI score 7.3 · EPSS 0.82216
Exploits: 4 · References: 2

Positive Technologies
added 2024/03/13 12:0 a.m. · 3 views

PT-2024-20788 · Unknown · Filecatalyst Direct

Name of the Vulnerable Software and Affected Versions: FileCatalyst Direct versions 3.8.6 through 3.8.8 Description: The web server in FileCatalyst Direct does not properly sanitize illegal characters in a URL, which can be displayed on a subsequent error page. This allows a malicious actor to...

CVSS 7.2 · AI score 7.8 · EPSS 0.01044
Exploits: 0 · References: 8

CNNVD
added 2024/03/13 12:0 a.m. · 3 views

FileCatalyst Direct Security Vulnerability

FileCatalyst Direct is a pure software solution that uses a server-client architecture to manage and accelerate file transfers. A security vulnerability exists in FileCatalyst Direct versions 3.8.6 through 3.8.8 that stems from a reflective cross-site scripting (XSS) vulnerability in which the web...

CVSS 7.2 · AI score 5.8 · EPSS 0.01044
Exploits: 0 · References: 3

CNNVD
added 2024/03/13 12:0 a.m. · 4 views

FileCatalyst Workflow Web Portal Security Vulnerability

FileCatalyst Workflow Web Portal is a Web-based application from FileCatalyst, Inc. A security vulnerability exists in FileCatalyst Workflow Web Portal prior to 5.1.6 Build 114 that stems from the presence of a path traversal vulnerability. An attacker could use this vulnerability to upload files...

CVSS 9.8 · AI score 6.8 · EPSS 0.82216
Exploits: 4 · References: 3

Positive Technologies
added 2024/03/13 12:0 a.m. · 3 views

PT-2024-20787 · Unknown · Filecatalyst Direct

Name of the Vulnerable Software and Affected Versions: FileCatalyst Direct versions 3.8.8 and earlier Description: The issue is caused by improper URL validation, leading to path traversal. This allows an encoded payload to cause the web server to return files located outside of the web root, whi...

CVSS 5.3 · AI score 6.8 · EPSS 0.00293
Exploits: 0 · References: 8

GithubExploit
added 2024/03/12 5:26 p.m. · 420 views

Exploit for External Control of Assumed-Immutable Web Parameter in Fortra Filecatalyst_Workflow

CVE-2024-25153 This is a proof of concept for CVE-2024-25153,...

CVSS 9.8 · AI score 9.8 · EPSS 0.82216
Exploits: 4