558 matches found
Cross-Site Scripting (XSS)
file-browser is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the filenames...
Path traversal
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem...
CVE-2019-14766
CVE-2019-14766 affects DIMO YellowBox CRM prior to version 6.3.4. The issue is a path traversal vulnerability in the file browser that allows a standard authenticated user to browse the server filesystem. Based on the connected Red Hat/NVD entries, the vulnerability is triggered via the file brow...
Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload
Exploit Title: Dokeos 1.8.6.3 and 1.8.6.1- Arbitrary File Upload Google Dork: "Plateforme Dokeos 1.8.6.3 " or 1.8.6.1 Date: 17/09/2019 Exploit Author: Sohel Yousef Jellyfish security team Vendor Homepage: https://www.dokeos.com/ Software Link: https://www.dokeos.com/ Version: 1.8.6.3 - 1.8.6.1...
WordPress ckeditor-for-wordpress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. ckeditor-for-wordpress is an editor plugin for it. A cross-site scripting vulnerability exists in the 'built-in old...
CVE-2015-9349
The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in old" file browser...
Cross site scripting
The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in old" file browser...
CVE-2019-14986
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...
Design/Logic Flaw
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...
CVE-2018-12299
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names...
GodOfWar - Malicious Java WAR Builder With Built-In Payloads
A command-line tool to generate WAR payloads for penetration testing / red teaming purposes, written in Ruby. Features: preexisting payloads (try -l/--list): cmdget, filebrowser, bindshell, reverseshell, reverseshellui. Configurable backdoor (try --host/-port). Control over payload name. To avoid malicious...
CVE-2019-10632
A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files...
Directory traversal
A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files...
CVE-2019-10632
CVE-2019-10632 affects the Zyxel NAS 326 File Browser component (versions 5.21 and earlier). The vulnerability is a directory traversal that lets a lower-privileged user change the location of another user’s files. There are no exploit details provided in the connected documents, and remediation ...
Zyxel NAS 326 Directory Traversal Vulnerability
The Zyxel NAS 326 is a two-drive personal cloud storage device from Zyxel. A directory traversal vulnerability exists in the File Browser component of the Zyxel NAS 326 5.21 and earlier versions. A low-privileged user can exploit this vulnerability to change the location of any other user's files...
Node.js third-party modules: [file-browser] Inadequate Output Encoding and Escaping
I would like to report stored XSS in the file-browser module. It allows an attacker to embed malicious JS code as filenames, which get executed once browsed to the file over the web browser. Module: module name: file-browser, version: 0.0.5, npm page: https://www.npmjs.com/package/file-browser Module...