890 matches found

Prion
added 2019/07/23 2:15 p.m. · 9 views

Directory traversal

LINAGORA hublin latest commit 72ead897082403126bf8df9264e70f0a9de247ff is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file with a fixed extension on the server. The component is: A web-view renderer; details here:...

CVSS 5 · AI score 7.5 · EPSS 0.02763
Exploits 0 · References 1

Cvelist
added 2019/07/23 1:35 p.m. · 21 views

CVE-2019-1010205

LINAGORA hublin latest commit 72ead897082403126bf8df9264e70f0a9de247ff is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file with a fixed extension on the server. The component is: A web-view renderer; details here:...

AI score 7.5 · EPSS 0.02763
Exploits 0 · References 1

OSV
added 2019/07/16 12:41 a.m. · 10 views

GHSA-2MP5-M968-GWR2 Path Traversal in http-file-server

All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: No fix is currently available. Consider using an alternative package until a fix is ma...

CVSS 5.3 · AI score 5.1 · EPSS 0.01502
Exploits 1 · References 3

Positive Technologies
added 2019/07/15 12:00 a.m. · 3 views

PT-2019-17676 · Unknown · Http File Server

Name of the Vulnerable Software and Affected Versions: http-file-server versions = 0.2.6 Description: A path traversal issue allows attackers to list files in arbitrary folders. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relati...

CVSS 5.3 · AI score 5.1 · EPSS 0.01502
Exploits 1 · References 4

GitHub Security Blog
added 2019/07/05 9:07 p.m. · 15 views

Path Traversal in serve-here.js

Versions of serve-here.js prior to 1.2.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: Upgrade to version 1.2.0 or later...

AI score 4.6
Exploits 0 · References 6 · Affected Software 1

OSV
added 2019/07/02 3:15 p.m. · 3 views

CVE-2019-4260

IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012...

CVSS 5.3 · AI score 6.1 · EPSS 0.01301
Exploits 0 · References 2

Prion
added 2019/07/02 3:15 p.m. · 17 views

Information disclosure

IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012...

CVSS 5 · AI score 4.7 · EPSS 0.01301
Exploits 0 · References 2 · Affected Software 1

CVE
added 2019/07/02 3:05 p.m. · 87 views

CVE-2019-4260

IBM Daeja ViewONE Virtual 5.0–5.0.5 has an information disclosure vulnerability (CVE-2019-4260) that could let an unauthenticated user download server files. Impacted product: Daeja ViewONE Professional/Standard/Virtual 5.0–5.0.5. Root cause: improper handling allowing unauthorized file access. R...

CVSS 5.3 · AI score 4.6 · EPSS 0.01301
Exploits 0 · References 2 · Affected Software 1

Node.js
added 2019/06/26 8:37 p.m. · 14 views

Path Traversal

Overview: Versions of zero prior to 1.0.6 are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files by using relative paths when fetching files. Recommendation: Upgrade to version 1.0.6 or later. References: GitHub Advisory...

AI score 6.8
Exploits 0 · Affected Software 1

Node.js
added 2019/06/24 3:23 p.m. · 19 views

Path Traversal

Overview: Versions of serve-here.js prior to 1.2.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: Upgrade to version 1.2.0 or later. References: HackerOne Report...

CVSS 5 · AI score 4 · EPSS 0.01502
Exploits 1 · Affected Software 1

Node.js
added 2019/06/19 7:58 p.m. · 14 views

Path Traversal

Overview: All versions of file-static-server are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files by using relative paths when fetching files. Recommendation: No fix is currently available. Consider using an alternative module until a f...

AI score 6.8
Exploits 0 · Affected Software 1

Node.js
added 2019/06/19 5:47 p.m. · 19 views

Path Traversal

Overview: All versions of localhost-now are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: No fix is currently available. Consider using an alternative package until a fix...

CVSS 5 · AI score 3.5 · EPSS 0.0221
Exploits 1 · Affected Software 1

Node.js
added 2019/06/19 3:31 p.m. · 29 views

Path Traversal

Overview: Versions of crud-file-server prior to 0.9.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: Upgrade to version 0.9.0 or later. References: HackerOne Report -...

CVSS 5 · AI score 3.9 · EPSS 0.02216
Exploits 1 · Affected Software 1

Node.js
added 2019/06/19 3:14 p.m. · 12 views

Path Traversal

Overview: Versions of ponse prior to 2.0.2 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: Upgrade to version 2.0.2 or later. References: HackerOne Report, GitHub...

AI score 6.9
Exploits 0 · Affected Software 1

Node.js
added 2019/06/19 2:56 a.m. · 16 views

Path Traversal

Overview: Versions of bruteser prior to 0.1.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: Upgrade to version 0.1.0 or later. References: HackerOne Report, GitHub...

AI score 6.9
Exploits 0 · Affected Software 1

Node.js
added 2019/06/18 11:16 p.m. · 22 views

Path Traversal

Overview: All versions of buttle are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths when fetching files. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...

CVSS 5 · AI score 3.7 · EPSS 0.01918
Exploits 1 · Affected Software 1

Node.js
added 2019/06/14 3:26 p.m. · 32 views

Path Traversal

Overview: All versions of static-resource-server are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...

CVSS 5 · AI score 3.9 · EPSS 0.01764
Exploits 1 · Affected Software 1

OSV
added 2019/06/06 7:29 p.m. · 3 views

CVE-2019-3722

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially...

CVSS 7.5 · AI score 7.3 · EPSS 0.03781
Exploits 0 · References 2

OSV
added 2019/06/06 3:30 p.m. · 9 views

GHSA-RV49-54QP-FW42 Path Traversal in servey

Versions of servey prior to 3.x are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: Upgrade to the latest version...

AI score 7.1
Exploits 0 · References 3

OSV
added 2019/06/05 2:10 p.m. · 6 views

GHSA-74CP-QW7F-7HPW Path Traversal in statics-server

All versions of statics-server are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...

AI score 7
Exploits 0 · References 2