CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2018-18912
https://notcve.org/view.php?id=CVE-2018-18912
An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code. Se descubrió un problema en Easy File Sharing (EFS) Web Server 7.2. Una vulnerabilidad de desbordamiento de búfer basado en pila se produce cuando se ha realizado una petición POST maliciosa a forum.ghp al crear un nuevo tema en los foros, lo que permite a los atacantes remotos ejecutar código arbitrario. • https://github.com/notkisi/CVE-s/blob/master/CVE-2018-18912.py • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 34%CPEs: 1EXPL: 3CVE-2018-9059 – Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass)
https://notcve.org/view.php?id=CVE-2018-9059
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791. Desbordamiento de búfer basado en pila en Easy File Sharing (EFS) Web Server 7.2 permite que atacantes remotos ejecuten código arbitrario mediante un inicio de sesión malicioso en forum.ghp. NOTA: podría solaparse con CVE-2014-3791. Easy File Sharing Web Server version 7.2 suffers from a buffer overflow vulnerability. • https://www.exploit-db.com/exploits/44522 https://www.exploit-db.com/exploits/44485 https://github.com/manojcode/easy-file-share-7.2-exploit-CVE-2018-9059 http://packetstormsecurity.com/files/147246/Easy-File-Sharing-Web-Server-7.2-Buffer-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3CVE-2009-4809 – Easy File Sharing Web Server 4.8 - File Disclosure
https://notcve.org/view.php?id=CVE-2009-4809
Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter. Vulnerabilidad de salto de directorio en thumbnail.ghp en Easy File Sharing (EFS) Web Server v4.8 permite a atacantes remotos leer archivos de su elección a través del carácter .. (punto punto) en el parámetro vfolder. • https://www.exploit-db.com/exploits/8155 http://secunia.com/advisories/34121 http://www.exploit-db.com/exploits/8155 http://www.securityfocus.com/bid/33973 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •