18 matches found
GHSA-3JMQ-QHG3-F58J mcpo-simple-server has a Path Traversal issue
A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...
CVE-2026-7404
A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...
CVE-2026-7404
The CVE affects getsimpletool mcpo-simple-server up to 0.2.0. The vulnerability is in delete_shared_prompt (src/mcpo_simple_server/services/prompt_manager/base_manager.py), where manipulation of the detail argument enables relative path traversal. It can be exploited remotely, and a public exploi...
CVE-2026-7404 getsimpletool mcpo-simple-server base_manager.py delete_shared_prompt path traversal
A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...
EUVD-2026-26288
A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...
CVE-2026-7404
A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...
CVE-2026-7404 getsimpletool mcpo-simple-server base_manager.py delete_shared_prompt path traversal
A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...
PT-2026-36006
Name of the Vulnerable Software and Affected Versions getsimpletool mcpo-simple-server versions prior to 0.2.1 Description A relative path traversal issue exists in the delete shared prompt function within the src/mcpo simple server/services/prompt manager/base manager.py file. This occurs due to...
EUVD-2026-19488
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go has no path sanitization. This vulnerability is fixed in 2.0.0-beta.3...
EUVD-2001-0297
Malware in sbrugna...
CVE-2023-46918
Phlox com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device...
CVE-2023-46919
Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...
Cross-Site Scripting
Overview Versions of simple-server before 1.1.0 are vulnerable to stored cross-site scripting XSS. This is exploitable if an attacker can control a filename on the server. Recommendation Update to version 1.1.0 or later. References - HackerOne Report...
Node.js third-party modules: [simple-server] HTML with iframe element can be used as filename, which might lead to load and execute malicious JavaScript
Hi Guys, simple-server allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript. This is caused by outdated version of connect framework. Module: Simple Server allows you to easily get a node.js static file server up and running anywhere anytime...
CVE-2001-0297
Directory traversal vulnerability in Simple Server HTTPd 1.0 originally Free Java Server allows remote attackers to read arbitrary files via a .. dot dot in the URL...
CVE-2001-0297
Directory traversal vulnerability in Simple Server HTTPd 1.0 originally Free Java Server allows remote attackers to read arbitrary files via a .. dot dot in the URL...
The Simple Server HTTPd Directory Traversal
Introduction: The Simple Server is a User-Friendly Web Server that handles HTTP requests. It is Windows based and extremely convenient to configure and is coded in Java. It requires the Java Runtime Environment package in order for the program to be able to execute. Please note this program isn't...
Дырка в AnalogX Simple Server
Запрос к длинному имени файла в каталоге cgi-bin приводит к краху сервера...