Vulnerabilites related to upredsun - file_sharing_wizard
Vulnerability from fkie_nvd
Published
2024-01-11 18:15
Modified
2024-11-21 08:46
Summary
A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250438 is the identifier assigned to this vulnerability.
References
cna@vuldb.comhttps://cxsecurity.com/issue/WLB-2024010023Exploit, Third Party Advisory
cna@vuldb.comhttps://vuldb.com/?ctiid.250438Permissions Required, Third Party Advisory, VDB Entry
cna@vuldb.comhttps://vuldb.com/?id.250438Permissions Required, Third Party Advisory, VDB Entry
cna@vuldb.comhttps://www.youtube.com/watch?v=WK7xK9KHiMUExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cxsecurity.com/issue/WLB-2024010023Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?ctiid.250438Permissions Required, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?id.250438Permissions Required, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.youtube.com/watch?v=WK7xK9KHiMUExploit, Third Party Advisory
Impacted products
Vendor Product Version
upredsun file_sharing_wizard *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:upredsun:file_sharing_wizard:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3356706-BA28-4ED0-9383-73C77D5A5D4D",
              "versionEndIncluding": "1.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250438 is the identifier assigned to this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad fue encontrada en iSharer y upRedSun File Sharing Wizard hasta 1.5.0 y clasificada como problem\u00e1tica. C\u00f3digo desconocido del componente GET Request Handler es afectado por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250438 es el identificador asignado a esta vulnerabilidad."
    }
  ],
  "id": "CVE-2024-0418",
  "lastModified": "2024-11-21T08:46:32.677",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-11T18:15:44.913",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/issue/WLB-2024010023"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.250438"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.250438"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=WK7xK9KHiMU"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/issue/WLB-2024010023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.250438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.250438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=WK7xK9KHiMU"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-404"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-09 22:15
Modified
2024-11-21 04:32
Severity ?
Summary
A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331.
Impacted products
Vendor Product Version
upredsun file_sharing_wizard 1.5.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:upredsun:file_sharing_wizard:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69F3361C-2C36-41C3-A063-27E9699EB4BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer basado en Structured Exception Handler (SEH) en File Sharing Wizard versi\u00f3n 1.5.0 26-8-2008, permite a atacantes remotos no autenticados ejecutar c\u00f3digo arbitrario por medio del m\u00e9todo HTTP DELETE, un problema similar a CVE-2019-16724 y CVE-2010- 2331."
    }
  ],
  "id": "CVE-2019-17415",
  "lastModified": "2024-11-21T04:32:17.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-09T22:15:10.887",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/154738/File-Sharing-Wizard-1.5.0-DELETE-SEH-Buffer-Overflow.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/154738/File-Sharing-Wizard-1.5.0-DELETE-SEH-Buffer-Overflow.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-09-24 21:15
Modified
2024-11-21 04:31
Severity ?
Summary
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.
Impacted products
Vendor Product Version
upredsun file_sharing_wizard 1.5.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:upredsun:file_sharing_wizard:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69F3361C-2C36-41C3-A063-27E9699EB4BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331."
    },
    {
      "lang": "es",
      "value": "File Sharing Wizard versi\u00f3n 1.5.0, permite a un atacante remoto obtener la ejecuci\u00f3n de c\u00f3digo arbitrario mediante la explotaci\u00f3n de un desbordamiento de b\u00fafer basado en Structured Exception Handler (SEH) en un par\u00e1metro POST de HTTP, un problema similar a CVE-2010-2330 y CVE-2010-2331."
    }
  ],
  "id": "CVE-2019-16724",
  "lastModified": "2024-11-21T04:31:03.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-24T21:15:10.317",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154586/File-Sharing-Wizard-1.5.0-SEH-Buffer-Overflow.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/154777/File-Sharing-Wizard-1.5.0-POST-SEH-Overflow.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/47412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154586/File-Sharing-Wizard-1.5.0-SEH-Buffer-Overflow.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/154777/File-Sharing-Wizard-1.5.0-POST-SEH-Overflow.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/47412"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-11-12 17:15
Modified
2024-11-21 04:33
Severity ?
Summary
File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the URL. A similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331.
Impacted products
Vendor Product Version
upredsun file_sharing_wizard 1.5.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:upredsun:file_sharing_wizard:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69F3361C-2C36-41C3-A063-27E9699EB4BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the URL. A similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331."
    },
    {
      "lang": "es",
      "value": "File Sharing Wizard versi\u00f3n 1.5.0 build 2008, est\u00e1 afectado por una vulnerabilidad de desbordamiento de b\u00fafer basada en el Manejador de Excepciones Estructuradas. Un atacante no autenticado es capaz de realizar una ejecuci\u00f3n de comandos remota y obtener un comando shell mediante el env\u00edo de una petici\u00f3n GET de HTTP incluyendo la carga maliciosa en la URL. Un problema similar a CVE-2019-17415, CVE-2019-16724 y CVE-2010-2331."
    }
  ],
  "id": "CVE-2019-18655",
  "lastModified": "2024-11-21T04:33:27.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-12T17:15:10.610",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://0xhuesca.com/cve-2019-18655.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/0xhuesca/CVE-2019-18655/blob/main/filesharing_wizard_get_bof.rb"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.0xhuesca.com/2019/11/cve-2019-18655.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://0xhuesca.com/cve-2019-18655.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.0xhuesca.com/2019/11/cve-2019-18655.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2019-16724
Vulnerability from cvelistv5
Published
2019-09-24 20:21
Modified
2024-08-05 01:24
Severity ?
Summary
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:47.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154586/File-Sharing-Wizard-1.5.0-SEH-Buffer-Overflow.html"
          },
          {
            "name": "Exploit Database",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/47412"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154777/File-Sharing-Wizard-1.5.0-POST-SEH-Overflow.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-08T21:06:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154586/File-Sharing-Wizard-1.5.0-SEH-Buffer-Overflow.html"
        },
        {
          "name": "Exploit Database",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/47412"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154777/File-Sharing-Wizard-1.5.0-POST-SEH-Overflow.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16724",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/154586/File-Sharing-Wizard-1.5.0-SEH-Buffer-Overflow.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154586/File-Sharing-Wizard-1.5.0-SEH-Buffer-Overflow.html"
            },
            {
              "name": "Exploit Database",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/47412"
            },
            {
              "name": "http://packetstormsecurity.com/files/154777/File-Sharing-Wizard-1.5.0-POST-SEH-Overflow.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154777/File-Sharing-Wizard-1.5.0-POST-SEH-Overflow.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16724",
    "datePublished": "2019-09-24T20:21:32",
    "dateReserved": "2019-09-23T00:00:00",
    "dateUpdated": "2024-08-05T01:24:47.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-0418
Vulnerability from cvelistv5
Published
2024-01-11 18:00
Modified
2024-08-01 18:04
Summary
A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250438 is the identifier assigned to this vulnerability.
References
Impacted products
Vendor Product Version
iSharer and upRedSun File Sharing Wizard Version: 1.0
Version: 1.1
Version: 1.2
Version: 1.3
Version: 1.4
Version: 1.5
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:04:49.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.250438"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.250438"
          },
          {
            "tags": [
              "media-coverage",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=WK7xK9KHiMU"
          },
          {
            "tags": [
              "exploit",
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://cxsecurity.com/issue/WLB-2024010023"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "GET Request Handler"
          ],
          "product": "File Sharing Wizard",
          "vendor": "iSharer and upRedSun",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "1.2"
            },
            {
              "status": "affected",
              "version": "1.3"
            },
            {
              "status": "affected",
              "version": "1.4"
            },
            {
              "status": "affected",
              "version": "1.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "analyst",
          "value": "fernando.mengali (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250438 is the identifier assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "In iSharer and upRedSun File Sharing Wizard bis 1.5.0 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente GET Request Handler. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "CWE-404 Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-11T18:00:06.864Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.250438"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.250438"
        },
        {
          "tags": [
            "media-coverage"
          ],
          "url": "https://www.youtube.com/watch?v=WK7xK9KHiMU"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://cxsecurity.com/issue/WLB-2024010023"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-01-11T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-01-11T11:33:58.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "iSharer and upRedSun File Sharing Wizard GET Request denial of service"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-0418",
    "datePublished": "2024-01-11T18:00:06.864Z",
    "dateReserved": "2024-01-11T10:26:32.138Z",
    "dateUpdated": "2024-08-01T18:04:49.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-17415
Vulnerability from cvelistv5
Published
2019-10-09 21:52
Modified
2024-08-05 01:40
Severity ?
Summary
A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:15.694Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/154738/File-Sharing-Wizard-1.5.0-DELETE-SEH-Buffer-Overflow.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T21:52:40",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/154738/File-Sharing-Wizard-1.5.0-DELETE-SEH-Buffer-Overflow.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17415",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://packetstormsecurity.com/files/154738/File-Sharing-Wizard-1.5.0-DELETE-SEH-Buffer-Overflow.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/154738/File-Sharing-Wizard-1.5.0-DELETE-SEH-Buffer-Overflow.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17415",
    "datePublished": "2019-10-09T21:52:40",
    "dateReserved": "2019-10-09T00:00:00",
    "dateUpdated": "2024-08-05T01:40:15.694Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-18655
Vulnerability from cvelistv5
Published
2019-11-12 16:11
Modified
2024-10-08 15:38
Severity ?
Summary
File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the URL. A similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:54:14.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://0xhuesca.com/cve-2019-18655.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.0xhuesca.com/2019/11/cve-2019-18655.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the URL. A similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-08T15:38:34.116616",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://0xhuesca.com/cve-2019-18655.html"
        },
        {
          "url": "https://www.0xhuesca.com/2019/11/cve-2019-18655.html"
        },
        {
          "url": "https://github.com/0xhuesca/CVE-2019-18655/blob/main/filesharing_wizard_get_bof.rb"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18655",
    "datePublished": "2019-11-12T16:11:07",
    "dateReserved": "2019-10-31T00:00:00",
    "dateUpdated": "2024-10-08T15:38:34.116616",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}