1374 matches found
CVE-2023-53956
Flatnux 2021-03.25 is affected by an authenticated file upload vulnerability in the file manager that allows an admin with credentials to upload arbitrary PHP files to the web root, enabling remote code execution on the server. Public reference shows an exploit exists (exploits/51295). Root cause...
PT-2025-52526
Name of the Vulnerable Software and Affected Versions Flatnux version 2021-03.25 Description The software contains an authenticated file upload issue that permits administrative users to upload arbitrary PHP files via the file manager. An attacker with administrative access can upload malicious P...
CVE-2025-67487
Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...
CVE-2025-67487
Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...
CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal
Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...
CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal
Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...
CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal
Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...
CVE-2025-67487
The CVE refers to Static Web Server (SWS) where versions 2.40.0 and earlier fail to properly constrain symbolic links, allowing path traversal to files/directories outside the web root via URL or directory listings. Root cause: symlinks escaping the server’s root due to inadequate checks. Impact:...
PT-2025-49798
Name of the Vulnerable Software and Affected Versions Static Web Server versions 2.40.0 and below Description Static Web Server SWS is a web server designed for static web files. Versions 2.40.0 and below do not adequately prevent symbolic links symlinks from being used to access files and...
Static Web Server vulnerable to a symbolic link path traversal
Summary Symbolic links symlinks could be used to access files or directories outside the intended web root folder. Details SWS generally does not prevent symlinks from escaping the web server’s root directory. Therefore, if a malicious actor gains access to the web server’s root directory, they...
GHSA-459F-X8VQ-XJJM Static Web Server vulnerable to a symbolic link path traversal
Summary Symbolic links symlinks could be used to access files or directories outside the intended web root folder. Details SWS generally does not prevent symlinks from escaping the web server’s root directory. Therefore, if a malicious actor gains access to the web server’s root directory, they...
EUVD-2025-198992
Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...
PT-2025-47958
Name of the Vulnerable Software and Affected Versions Ruijie NBR series routers affected versions not specified Description Ruijie NBR series routers contain an unauthenticated arbitrary file upload issue via the /ddi/server/fileupload.php endpoint. The endpoint accepts attacker-controlled values...
CVE-2016-15056
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...
CVE-2016-15056
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...
EUVD-2016-10800
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...
CVE-2016-15056 Ubee EVW3226 Unauthenticated Backup File Disclosure
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...
CVE-2016-15056 Ubee EVW3226 Unauthenticated Backup File Disclosure
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...
CVE-2016-15056
The CVE affects Ubee EVW3226 cable modem/router firmware up to 1.0.20. A configuration backup file (Configuration_file.cfg) is stored in the web root after generation and remains accessible without authentication until the next reboot, enabling a local-network attacker to retrieve the backup arch...
PT-2025-47014
Name of the Vulnerable Software and Affected Versions Ubee EVW3226 versions up to and including 1.0.20 Description The Ubee EVW3226 cable modem/router firmware stores configuration backup files in the web root after they are generated for download. These files remain accessible without...