File Browser, a file management application, fails to properly invalidate authentication tokens when users log out, allowing stolen tokens to continue providing unauthorized access until they naturally expire.
File Browser
filebrowser 07.06.2026
Upgrade assessment
Security-relevant. Update promptly.
Derived automatically from release, repo and CVE data — no judgment by a language model.
File Browser doesn't check maximum password length during login, allowing attackers to send extremely long passwords that consume excessive CPU and memory during hashing, potentially crashing the service.
A security vulnerability in the File Browser application allows authenticated users to delete other users' shared links without authorization due to missing ownership validation checks.
A critical vulnerability in the Go standard library used by File Browser allows HTTP request smuggling attacks through improper handling of line terminators in HTTP chunk data.
A security vulnerability in File Browser software allows attackers to discover valid usernames by measuring login response times, as authentication takes longer for existing users than for non-existing ones.
A vulnerability in File Browser allows authenticated users to bypass access restrictions by using multiple slashes in URLs, enabling them to access forbidden files.
A vulnerability in File Browser software allows authenticated users to change passwords without providing the current password by using capitalization in API requests. This can lead to account takeover if attackers obtain valid authentication tokens.
A vulnerability in File Browser allows attackers to access all sibling directories and their files through public share links for directories, instead of only the intended shared directory.
A vulnerability in File Browser allows users without download permissions to still download files through public share links, bypassing access restrictions and enabling unauthorized data access.
A security vulnerability in File Browser software allows authenticated users to delete arbitrary files and directories despite being explicitly denied delete permissions, by using an alternative TUS endpoint that incorrectly checks only create permissions instead of delete permissions.
File Browser with proxy authentication blindly trusts HTTP headers sent by any client, allowing an attacker to impersonate any user, including admin, without a password or other credentials.
A vulnerability in File Browser allows authenticated users to bypass administrator access restrictions by using path traversal sequences to copy or move files into directories that should be blocked by configured deny rules.
File Browser allows unauthorized visitors to create administrator accounts when self-registration is enabled and default user permissions include admin rights, enabling complete control over the server and files.
A vulnerability in File Browser allows authenticated users to trigger upload hooks unlimited times by using negative values in the Upload-Length header, causing hooks to execute with empty files and arbitrary filenames.
A security vulnerability in File Browser allows unauthenticated users to self-register and inherit shell execution permissions, enabling them to run arbitrary commands on the server.
File Browser contains a Stored Cross-Site Scripting vulnerability in the EPUB preview feature that allows attackers to execute malicious JavaScript code through crafted EPUB files and access user data.
File Browser contains a Stored Cross-Site Scripting vulnerability where administrators can inject malicious JavaScript code into branding fields that then executes for all website visitors.
File Browser fails to re-validate the current permissions of share creators when accessing public share links, allowing previously created links to remain accessible to unauthenticated users even after administrators revoke the creator's Share and Download permissions.
A vulnerability in File Browser software allows authenticated users to access directories they shouldn't by exploiting how path checking only compares prefixes without considering directory boundaries.
A vulnerability in File Browser allows users without download permission to read text files through an alternative API endpoint, even though downloading is explicitly prohibited for them.
A security flaw in File Browser allows automatically created users through proxy authentication to unintentionally receive execution permissions and system commands, even though these rights should be explicitly granted by administrators.
A critical security vulnerability in File Browser allows attackers to execute arbitrary system commands by injecting special characters into username or password fields during login, without requiring authentication.
A security vulnerability in File Browser allows attackers to execute arbitrary system commands by creating malicious filenames with shell metacharacters that get injected into hook commands without sanitization.
A security vulnerability in File Browser allows attackers to access files and directories through public share URLs that the owner explicitly blocked with rules, as long as those blocked paths are located underneath the shared directory.
A vulnerability in File Browser allows low-privileged users to delete share links belonging to other users (including administrators) by removing files in their own directory whose path serves as a prefix in other users' link paths.
A security vulnerability in File Browser allows users with command execution permissions to bypass the command whitelist and execute arbitrary system commands by using shell metacharacters like semicolons or pipes.
File Browser does not invalidate existing JWT tokens when an administrator resets a user's password, allowing attackers with old tokens to continue accessing resources until natural token expiration.
File Browser allows users to access files outside their assigned scope through symbolic links, even though they should be restricted to their designated area. Attackers can read, overwrite, or publicly share unauthorized files through this vulnerability.
A vulnerability in File Browser allows authenticated users to create public shares for non-existent file paths that automatically become valid later when a file is created at that path.
A security vulnerability in File Browser allows attackers to create malicious archives that, when extracted on Windows systems, can write files outside the intended directory, leading to arbitrary file write operations.