Path traversal

A Path Traversal in simplehttpserver versions =0.2.1 allows to list any file in another folder of web root...

CVE-2018-16478

A Path Traversal in simplehttpserver versions =0.2.1 allows to list any file in another folder of web root...

CVE-2018-16478

A Path Traversal in simplehttpserver versions =0.2.1 allows to list any file in another folder of web root...

CVE-2018-16478

A Path Traversal in simplehttpserver versions =0.2.1 allows to list any file in another folder of web root...

CVE-2018-16478

CVE-2018-16478 affects the Python-like HTTP server module simplehttpserver , version ≤ 0.2.1. The root cause is a path traversal vulnerability that allows a URL to navigate via symlinks, enabling an attacker to list files outside the web root (information disclosure). Documented impact: informati...

Information Disclosure

simplehttpserver is vulnerable to information disclosure attacks. The vulnerability exists due to the ability to traverse documents out of the webroot through symlink...

GHSA-GPVJ-Q7FP-JCCH simplehttpserver allows directory traversal and file listing

Path traversal in simplehttpserver v0.2.1 allows listing any file on the server...

simplehttpserver allows directory traversal and file listing

Path traversal in simplehttpserver v0.2.1 allows listing any file on the server...

h-include (=1.0.0), hinclude (>=1.0.1 <=1.1.0) +3 more potentially affected by CVE-2018-3787 via simplehttpserver (>=0.0.6 <=0.1.1)

simplehttpserver NPM version =0.0.6, =1.0.1, =0.0.1, =0.0.2 Source cves: CVE-2018-3787 Source advisory: OSV:GHSA-GPVJ-Q7FP-JCCH...

simplehttpserver Path Traversal Vulnerability

simplehttpserver is a Python based HTTP server for testing, development and debugging of projects. A path traversal vulnerability exists in versions of simplehttpserver prior to 0.2.1, which can be exploited by an attacker to list arbitrary files on the server...

Node.js third-party modules: List any file in the folder by using path traversal

I would like to report Path Traversal in simplehttpserver. It allows to list any file in another folder of web root. Module module name: simplehttpserver version: v0.2.1 npm page: https://www.npmjs.com/package/simplehttpserver Module Description 'simpehttpserver' is an simple imitation of python'...

CVE-2018-3787

Path traversal in simplehttpserver v0.2.1 allows listing any file on the server...

Path traversal

Path traversal in simplehttpserver v0.2.1 allows listing any file on the server...

CVE-2018-3787

Path traversal in simplehttpserver v0.2.1 allows listing any file on the server...

CVE-2018-3787

The CVE-2018-3787 vulnerability affects the Python-based simplehttpserver project. Affected versions are prior to 0.2.1, where the server concatenates the requested URL path to the web root, enabling path traversal and the listing of arbitrary server files. Impact described across multiple source...

CVE-2018-3787

Path traversal in simplehttpserver v0.2.1 allows listing any file on the server...

PT-2018-16204 · Unknown · Simplehttpserver

Name of the Vulnerable Software and Affected Versions: simplehttpserver versions prior to 0.2.1 Description: The issue allows for path traversal, enabling the listing of any file on the server. Recommendations: For versions prior to 0.2.1, update to version 0.2.1 or later to resolve the issue...

Directory Traversal

simplehttpserver is vulnerable to directory traversal. An attacker is able to exploit the vulnerability to retrieve and view system files by using the characters ../ in the directory path of the URL...

h-include (=1.0.0), hinclude (>=1.0.1 <=1.1.0) +2 more potentially affected by CVE-2018-3716 via simplehttpserver (=0.0.6)

simplehttpserver NPM version =0.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on simplehttpserver and may be impacted: - h-include =1.0.0 - hinclude =1.0.1, =0.0.1, =0.0.2 Source cves: CVE-2018-3716 Source advisory: OSV:GHSA-JRHJ-2J3Q-XF3V...

GHSA-JRHJ-2J3Q-XF3V Stored Cross-Site Scripting in simplehttpserver

Simplehttpserver prior to version 0.1.0 are vulnerable to stored cross-site scripting XSS. To be exploited an attacker needs to control the filename of a file that is used in the directory listing output. This version is patched in 0.1.0...