143 matches found
CVE-2026-54414
FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...
CVE-2026-54414
FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...
EUVD-2026-37993
FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...
CVE-2026-54414 FileRise shared-folder upload path traversal allows arbitrary file write and admin takeover
FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...
CVE-2026-54414
CVE-2026-54414 affects FileRise prior to 3.16.0. The vulnerability is a path traversal in the shared-folder upload endpoint (/api/folder/uploadToSharedFolder.php) that enables arbitrary file write and, under certain conditions, administrator account takeover. Root cause: uploaded filenames are va...
PT-2026-50842
Name of the Vulnerable Software and Affected Versions FileRise versions prior to 3.16.0 Description A path traversal issue exists in the shared-folder upload endpoint '/api/folder/uploadToSharedFolder.php'. The FolderController validates the upload filename using basename and REGEX FILE NAME, but...
PT-2026-34838
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.25.0 Description An off-by-one error exists in the path traversal filter within channels/drive/client/drive file.c. The contains dotdot function fails to detect .. when it is the final component of a path without a...
CVE-2023-31403
SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation...
CVE-2025-53939
Kiteworks is a private data network PDN. Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...
CVE-2025-53939 Kiteworks Core is vulnerable to Improper Input Validation
Kiteworks is a private data network PDN. Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...
CVE-2025-53939 Kiteworks Core is vulnerable to Improper Input Validation
Kiteworks is a private data network PDN. Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...
CVE-2025-53939 Kiteworks Core is vulnerable to Improper Input Validation
Kiteworks is a private data network PDN. Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...
CVE-2025-53939
Kiteworks Core (PDN) prior to version 9.1.0 contains an input validation flaw when managing roles on a shared folder, which could allow elevation of another user’s permissions on that share. The issue is fixed in version 9.1.0. Exploitation details are not provided in the available documents.
PT-2025-48362
Kiteworks is a private data network PDN. Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...
Missing Authorization
Copyparty is vulnerable to Missing Authorization. The vulnerability is due to a missing permission check in the shares feature shr global option, which allows an attacker to access sibling files within a shared folder by guessing their filenames, leading to unauthorized data exposure...
EUVD-2017-18275
Malware in sbrugna...
EUVD-2017-12411
Malware in sbrugna...
EUVD-2015-5899
Malware in sbrugna...
EUVD-2021-13414
Malware in sbrugna...
EUVD-2016-7727
Malware in sbrugna...