CVE-2020-36973
PDW File Browser 1.3 is affected by a remote code execution vulnerability that lets authenticated users upload and rename webshell files to arbitrary web server locations. An attacker can upload a .txt webshell, rename it to .php, and move it into accessible directories using double-encoded path ...
CVE-2020-36988
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...
CVE-2020-36988 PDW File Browser <= v1.3 - Cross-Site Scripting (XSS)
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...
CVE-2020-36988
PDW File Browser
PT-2026-5114
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...
PDW-File-Browser security vulnerability
PDW-File-Browser is a file browser developed by Michal Charemza. Version 1.3 of PDW-File-Browser has a security vulnerability; this vulnerability stems from the ability to upload and rename webshell files, which may lead to remote code execution...
Exploit for Cross-site Scripting in Iptanus Wordpress_File_Upload
CVE-2024-6651 POC XSS - CVE-2024-6651 PoC funcional para l...
EUVD-2026-3287
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login...
CVE-2026-23849 File Browser vulnerable to Username Enumeration via Timing Attack in /api/login
File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...
CVE-2026-23849
File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...
CVE-2026-23849
CVE-2026-23849 – File Browser (github.com/filebrowser/filebrowser) shows a timing-based username enumeration flaw in the /api/login flow. The JSONAuth.Auth logic short-circuits when a user is not found, returning quickly, while a valid user triggers bcrypt password verification (users.CheckPwd) w...
PT-2026-3502
Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.55.0. Description: File Browser provides a file managing interface for tasks like uploading, deleting, and editing files. A flaw in the JSONAuth.Auth function allows unauthenticated attackers to identify valid...
CVE-2008-6342
Unspecified vulnerability in the TYPO3 Simple File Browser simplefilebrowser extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors...
CVEhunter-Tools
CVEhunter: Integrated AI-Assisted Code Auditing Toolkit Windo...
GO-2025-4118 File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency in github.com/filebrowser/filebrowser
File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency in github.com/filebrowser/filebrowser...
GO-2025-4117 File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser
File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser...