VYPR

Fileshare

by Ares

CVEs (2)

  • CVE-2025-55476Sep 2, 2025
    risk 0.00cvss epss 0.00

    FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject…

  • CVE-2005-2425Aug 3, 2005
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string.