CVSS: 5.0 | EPSS: 4% | CPEs: 9 | EXPL: 0

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.

http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html
http://mx.gw.com/pipermail/file/2014/001327.html
http://mx.gw.com/pipermail/file/2014/001330.html
http://mx.gw.com/pipermail/file/2014/001334.html
http://mx.gw.com/pipermail/file/2014/001337.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://support.apple.com/kb/HT6443
http://www.debian.org/security/2014/dsa-2861
http:&

CWE-755: Improper Handling of Exceptional Conditions
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 5.0 | EPSS: 0% | CPEs: 6 | EXPL: 0

The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests.

http://www.openwall.com/lists/oss-security/2013/07/17/1
https://drupal.org/node/2038799
https://drupal.org/node/2038801

CVSS: 5.0 | EPSS: 0% | CPEs: 5 | EXPL: 0

Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.

http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html
http://secunia.com/advisories/54351
http://www.ocert.org/advisories/ocert-2013-001.html
http://www.securityfocus.com/bid/61008
http://www.ubuntu.com/usn/USN-1906-1
https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 3

Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter.

https://www.exploit-db.com/exploits/8155
http://secunia.com/advisories/34121
http://www.exploit-db.com/exploits/8155
http://www.securityfocus.com/bid/33973

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 1% | CPEs: 6 | EXPL: 2

Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1.

https://www.exploit-db.com/exploits/6579
http://www.securityfocus.com/bid/31422

CWE-287: Improper Authentication