
10 matches found

SUSE CVE
added 2026/03/25 12:25 a.m., 3 views

SUSE CVE-2026-30934

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead ...

CVSS 8.9, AI score 6, EPSS 0.00347
Exploits: 1, References: 3

NVD
added 2026/03/10 6:18 p.m., 5 views

CVE-2026-30933

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

CVSS 7.5, EPSS 0.00544
Exploits: 1, References: 3

Cvelist
added 2026/03/10 4:12 p.m., 32 views

CVE-2026-30934 FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead ...

CVSS 8.9, EPSS 0.00347
Exploits: 1, References: 3

OSV
added 2026/03/10 4:12 p.m., 4 views

CVE-2026-30934 FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead ...

CVSS 8.9, AI score 5.9, EPSS 0.00347
Exploits: 1, References: 5

CNNVD
added 2026/03/10 12:0 a.m., 4 views

FileBrowser Quantum Security Vulnerability

FileBrowser Quantum is a file manager developed by Graham Steffaniak. Versions of FileBrowser Quantum prior to 1.3.1-beta and 1.2.2-stable contained security vulnerabilities. These vulnerabilities stemmed from the fact that tokenized download URLs were still exposed through /public/api/share/info...

CVSS 7.5, AI score 7.3, EPSS 0.00544
Exploits: 1, References: 3

CVE
added 2009/08/06 5:0 p.m., 69 views

CVE-2008-6907

CVE-2008-6907 affects 2532designs/2532|Gigs 1.2.2 Stable. Vulnerable component: checkuser.php; issue arises when magic_quotes_gpc is disabled. Attackers can manipulate the (1) username and (2) password parameters via the login form (index.php) to cause SQL injection. OpenVAS entries describe thes...

CVSS 6.8, AI score 8.8, EPSS 0.00914
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2009/08/06 5:0 p.m., 26 views

CVE-2008-6907

Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php...

AI score 8.6, EPSS 0.00914
Exploits: 1, References: 4

NVD
added 2009/08/06 12:30 a.m., 21 views

CVE-2008-6902

Unrestricted file upload vulnerability in uploadflyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/...

CVSS 6.8, AI score 7.6, EPSS 0.03271
Exploits: 1, References: 4

Packet Storm
added 2008/12/22 12:0 a.m., 21 views

2532|Gigs 1.2.2 Stable Login Bypass

2532|Gigs 1.2.2 Stable Remote Login Bypass Vulnerability, by athos - stakerathotmaildotit...

AI score 0.1
Exploits: 0

0day.today
added 2008/12/18 12:0 a.m., 21 views

2532|Gigs 1.2.2 Stable Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications. 2532|Gigs 1.2.2 Stable Multiple Remote Vulnerabilities. START 0x01 Informations: Script : 2532|Gigs v1.2 Stable Download :...

AI score 7.1
Exploits: 0