CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal
Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...
CVE-2025-67487
The CVE refers to Static Web Server (SWS) where versions 2.40.0 and earlier fail to properly constrain symbolic links, allowing path traversal to files/directories outside the web root via URL or directory listings. Root cause: symlinks escaping the server’s root due to inadequate checks. Impact:...
PT-2025-49798
Name of the Vulnerable Software and Affected Versions: Static Web Server versions 2.40.0 and below. Description: Static Web Server (SWS) is a web server designed for static web files. Versions 2.40.0 and below do not adequately prevent symbolic links (symlinks) from being used to access files and...
EUVD-2020-3794
Malware in sbrugna...
CVE-2012-10061
Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize...
go-fastdfs code issue vulnerability
go-fastdfs is a simple distributed file system (private cloud storage), with no center, high performance, high reliability, maintenance-free and other advantages, support for intermittent uploads, chunked uploads, small file merging, auto-synchronization, auto-repair. sjqzhang go-fastdfs version...
CVE-2021-39369
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root...
CVE-2020-11440
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root...
CVE-2020-11440
CVE-2020-11440 describes a vulnerability in Wind River VxWorks (WebCLI) where httpRpmFs fails to validate escaping attempts from the web root, potentially exposing sensitive data. The NVD entry notes a network-based attack surface with a CVSS v3.1 base score of 7.5 (High) and a CVSS v2 base score...
clearswift mimesweeper for web 4.0/5.0 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10918/info Clearswift MIMEsweeper For Web is reported prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. To carry out an attack an attacker may specify a relative path to ...