75 matches found
CVE-2025-46094
LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript...
CVE-2025-46093
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 setuid and setgid, which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration...
CVE-2025-46094
LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript...
CVE-2025-46093
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 setuid and setgid, which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration...
CVE-2025-46094
LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript...
CVE-2025-46094
LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript...
CVE-2025-46093
LiquidFiles before 4.1.2 is affected. The vulnerability stems from FTP SITE CHMOD handling (mode 6777: setuid/setgid) which can allow FTPDrop users to execute arbitrary code as root by abusing the Actionscript feature and the sudoers configuration. Affected software: LiquidFiles prior to 4.1.2. I...
CVE-2025-46093
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 setuid and setgid, which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration...
CVE-2025-46093
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 setuid and setgid, which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration...
PT-2025-31875 · Unknown · Liquidfiles
Name of the Vulnerable Software and Affected Versions: LiquidFiles versions prior to 4.1.2 Description: LiquidFiles is susceptible to a directory traversal issue. This occurs when the pathname of a local executable file is configured as an Actionscript, potentially allowing unauthorized access to...
Liquidfiles 安全漏洞
Liquidfiles is a storage service for large-scale secure file transfer and sharing for companies and organizations from US-based Liquidfiles, Inc. A security vulnerability exists in Liquidfiles versions prior to 4.1.2, which originates from a vulnerability that could cause an FTPDrop user to execu...
Liquidfiles 安全漏洞
Liquidfiles is a storage service for large-scale secure file transfer and sharing for companies and organizations from US-based Liquidfiles, Inc. A security vulnerability exists in Liquidfiles versions prior to 4.1.2 that stems from directory traversal that can be achieved by configuring local...
CVE-2025-46094
LiquidFiles is affected prior to version 4.1.2 by a directory traversal vulnerability triggered when the pathname of a local executable file is configured as an Actionscript. The issue exposes risk to confidentiality (Low) and integrity (Low) with no availability impact in the CVE metrics. Concre...
PT-2025-31874 · Unknown · Liquidfiles
Name of the Vulnerable Software and Affected Versions: LiquidFiles versions prior to 4.1.2 Description: LiquidFiles versions prior to 4.1.2 support FTP SITE CHMOD for mode 6777 setuid and setgid. This allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature an...
CVE-2021-30140
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content such as SVG with HTML content, the payload is executed upon a click. This is fixed in 3.5...
CVE-2020-29071
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving...
CVE-2020-29072
A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction opening a link and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js...
CVE-2023-4393
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization...
CVE-2023-4393
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization...
Design/Logic Flaw
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization...