35 matches found
CVE-2024-32966
Static Web Server SWS is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like .txt will allow JavaScript code...
CVE-2024-32966
The CVE-2024-32966 issue affects Static Web Server (SWS) when directory listings are enabled and a user with upload rights can name files. The directory listing code embeds file/directory names directly into HTML without escaping, enabling stored XSS via malicious file names (e.g., .txt). This ca...
CVE-2024-32966 Stored Cross-site Scripting in directory listings via file names in static-web-server
Static Web Server SWS is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like .txt will allow JavaScript code...
Static Web Server Security Vulnerability
Static Web Server is a static web server from the German company Static Web Server. A security vulnerability exists in Static Web Server SWS versions 2.28.0 and earlier that originates from a vulnerability that allows an attacker to upload a malicious filename to execute JavaScript code in the we...
CVE-2024-32966
creationtimestamp | type | source
---|---|---
2024-04-30 09:02:01+00:00 | published-proof-of-concept | https://github.com/static-web-server/static-web-server/security/advisories/GHSA-rwfq-v4hq-h7fg...
PT-2024-25013 · Unknown · Static Web Server
Name of the Vulnerable Software and Affected Versions: Static Web Server SWS (affected versions not specified)
Description: The issue allows JavaScript code execution in the context of the web server's domain when directory listings are enabled for a directory that an untrusted user has upload...
Static HTTP Server Buffer Overflow Vulnerability
Static HTTP Server is a static HTTP server. A buffer overflow vulnerability exists in Static HTTP Server version 1.0. The vulnerability stems from a network system or product performing operations in memory without properly validating data boundaries, resulting in incorrect read and write...
Directory Traversal in lactate
A crafted GET request can be leveraged to traverse the directory structure of a host using the lactate web server package, and request arbitrary files outside of the specified web root. This allows for a remote attacker to gain access to arbitrary files on the filesystem that the process has acce...
GHSA-VX85-MJ8C-4QM6 Apache Thrift Node.js static web server sandbox escape
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 has been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set web server's docroot path...
Apache Thrift Node.js static web server sandbox escape
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 has been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set web server's docroot path...
GHSA-9J5M-873F-XH76 Directory Traversal in static-html-server
Affected versions of static-html-server resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
ritp directory traversal vulnerability
ritp is a static web server. A directory traversal vulnerability exists in ritp. An attacker can exploit this vulnerability by placing a '../' sequence in a URL to gain access to the file system restricted access to files such as /etc/passwd...
CVE-2017-16198
ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible...
CVE-2017-16198
ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible...
CVE-2017-16198
CVE-2017-16198 affects ritp, a static web server. Documents in multiple sources describe a directory traversal vulnerability caused by crafting URLs with relative path sequences (e.g., ../../..). This can lead to disclosure of files outside the intended directory root (e.g., private files), with ...