Lucene search
K

1609 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.4 views

CVE-2017-20224

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executab...

9.8CVSS6.6AI score0.01039EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.3 views

CVE-2026-33329

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

8.1CVSS5.9AI score0.00444EPSS
Exploits1References1
NVD
NVD
added 2026/03/20 9:16 a.m.8 views

CVE-2026-33072

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...

8.2CVSS0.00225EPSS
Exploits1References2
NVD
NVD
added 2026/03/20 9:16 a.m.6 views

CVE-2026-33070

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

4.8CVSS0.00371EPSS
Exploits1References2
NVD
NVD
added 2026/03/20 9:16 a.m.6 views

CVE-2026-33071

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...

8.8CVSS0.00621EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 8:31 a.m.11 views

CVE-2026-33072

Summary. CVE-2026-33072 affects FileRise, a self-hosted web file manager/WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key (default_please_change_this_key) is used for all crypto operations (HMAC token generation, AES config encryption, and session tokens), enabling an...

8.2CVSS5.9AI score0.00225EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:31 a.m.7 views

CVE-2026-33072

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...

8.2CVSS5.9AI score0.00225EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:27 a.m.4 views

CVE-2026-33071

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...

4.3CVSS6.1AI score0.00621EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/20 8:27 a.m.25 views

CVE-2026-33071 FileRise: WebDAV upload path bypasses filename validation enforced by regular uploads

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...

4.3CVSS0.00621EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 8:27 a.m.8 views

CVE-2026-33071

CVE-2026-33071 concerns FileRise, a self-hosted web file manager/WebDAV server. Affected versions prior to 3.8.0 allow WebDAV uploads to bypass the filename validation enforced by the regular upload path, since createFile() and put() accept filenames directly from the WebDAV client without valida...

8.8CVSS6.1AI score0.00621EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/20 8:25 a.m.5 views

CVE-2026-33070 FileRise has Unauthenticated Share Link Deletion

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

3.7CVSS6AI score0.00371EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/20 8:25 a.m.25 views

CVE-2026-33070 FileRise has Unauthenticated Share Link Deletion

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

3.7CVSS0.00371EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/20 8:25 a.m.6 views

EUVD-2026-13640

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

3.7CVSS6AI score0.00371EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:25 a.m.4 views

CVE-2026-33070

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

3.7CVSS6AI score0.00371EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.4 views

PT-2026-26588

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...

4.3CVSS6.1AI score0.00621EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2017-18941

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executab...

9.8CVSS6.5AI score0.01039EPSS
Exploits2References4
NVD
NVD
added 2026/03/16 2:17 p.m.12 views

CVE-2017-20224

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executab...

9.8CVSS0.01039EPSS
Exploits2References3
CVE
CVE
added 2026/03/16 1:28 a.m.13 views

CVE-2017-20224

CVE-2017-20224 affects Telesquare SKT LTE Router SDT-CS3B1 1.2.0. The issue is an arbitrary file upload vulnerability via enabled WebDAV HTTP methods (PUT, DELETE, MKCOL, MOVE, COPY, PROPPATCH) that allows unauthenticated attackers to upload executable code and manipulate server content, potentia...

9.8CVSS6.5AI score0.01039EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 1:28 a.m.7 views

CVE-2017-20224 Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executab...

9.8CVSS6.5AI score0.01039EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/03/16 1:28 a.m.2 views

CVE-2017-20224

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executab...

6.5AI score0.01039EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder