11 matches found
CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
SUSE CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
CVE-2026-30914 SFTPGo has a Path Traversal and Permission Bypass via Path Normalization Discrepancy
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
CVE-2026-30914 SFTPGo has a Path Traversal and Permission Bypass via Path Normalization Discrepancy
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
CVE-2026-30914
CVE-2026-30914 — SFTPGo : A path normalization discrepancy between protocol handlers and the internal Virtual Filesystem routing in versions prior to 2.7.1 can allow an authenticated attacker to craft specific file paths to bypass folder-level permissions or escape Virtual Folders. This is mitiga...
CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through a discrepancy in path normalization between protocol handlers and internal routing. An attacker can bypass folder-level permissions or escape the boundaries of a configured virtual folder by crafting specific...
GHSA-X8QH-7475-C5MP SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy
Impact In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths to bypass folder-level permissions or escape the...
PT-2026-25354
Name of the Vulnerable Software and Affected Versions SFTPGo versions prior to 2.7.1 Description SFTPGo is an open-source, event-driven file transfer solution. A path normalization discrepancy exists between the protocol handlers and the internal Virtual Filesystem routing in versions prior to...
Security Vulnerability with Microsoft Index Server 2.0(Sample fil e reveals file info, physical path etc)
Hi I noticed index server sample file is vulnerable which reveals file info and physical path. Vulnerable Microsoft Index Server 2.0 + IIS 4.0 + Windows NT Server 4.0 + Service Pack 6a Details The Index Server Sample file SQLQHit.asp shipped with Microsoft Index Server 2.0 and Option pack 4.0 , i...