12 matches found
CVE-2019-18952
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP...
CVE-2019-18951
SibSoft Xfilesharing through 2.5.1 allows op=page=../ directory traversal to read arbitrary files...
VulnCheck KEV: CVE-2019-18952
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP...
SibSoft Xfilesharing File Upload Vulnerability
SibSoft Xfilesharing is a file sharing solution from the Russian company SibSoft. A file upload vulnerability exists in SibSoft Xfilesharing. An attacker can exploit this vulnerability to achieve remote code execution...
CVE-2019-18951
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files...
CVE-2019-18952
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP...
CVE-2019-18952
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP...
Design/Logic Flaw
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP...
CVE-2019-18952
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP...
CVE-2019-18952
CVE-2019-18952 affects SibSoft Xfilesharing up to version 2.5.1, enabling an arbitrary file upload through cgi-bin/up.cgi. The accompanying data shows this can be chained with CVE-2019-18951 (directory traversal via op=page&tmpl=…) to achieve remote code execution, using a crafted HTML file serve...
CVE-2019-18951
CVE-2019-18951 affects SibSoft Xfilesharing up to version 2.5.1. The vulnerability is a directory traversal via op=page&tmpl=../, allowing reading arbitrary files. Public sources in the connected documents corroborate a path traversal/LFI-style exposure, with exploit context and mention of a comb...
CVE-2019-18952
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...