Lucene search
K

25 matches found

CNNVD
CNNVD
added 2024/04/09 12:0 a.m.4 views

PsiTransfer 安全漏洞

PsiTransfer is a simple open source hosted file sharing solution from the individual developer Christoph Wiechert. A security vulnerability exists in PsiTransfer versions prior to 2.2.0, which stems from an unrestricted endpoint that allows an attacker who receives a file distribution ID to alter...

6.5CVSS6.4AI score0.00524EPSS
Exploits0References3
Veracode
Veracode
added 2024/04/08 6:29 a.m.13 views

File Integrity Manipulation

psitransfer is vulnerable to File integrity Manipulation. The vulnerability is due to the lack of proper access controls or restrictions on the endpoint designed for uploading files, allowing an attacker with the file distribution ID to alter the files within that distribution...

7.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/04/05 5:15 p.m.40 views

PsiTransfer: Violation of the integrity of file distribution

Summary The absence of restrictions on the endpoint, which allows you to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. Details Vulnerable endpoint: POST /files PoC 1. Create a file distribution. 2. Go to the link address ...

6.5CVSS7.2AI score0.00524EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.6 views

PT-2024-24088 · Unknown · Psitransfer

Name of the Vulnerable Software and Affected Versions: PsiTransfer versions prior to 2.2.0 Description: The issue arises from the absence of restrictions on the PATCH /files/id endpoint, which is designed for uploading files. This allows an attacker who has received the id of a file distribution ...

6.5CVSS7.2AI score0.00524EPSS
Exploits0References9
Huntr
Huntr
added 2021/05/26 9:52 p.m.13 views

in psi-4ward/psitransfer

✍️ Description Hi, with PsiTransfer we can upload files and protect them with a password. However, there is an IDOR that let an attacker retrieve arbitrary files and get the AES encrypted data of these files. All is left is to perform an offline bruteforce to crack the password of this file and ge...

0.9AI score
Exploits0
Rows per page
Query Builder