ES File Explorer Open Port

This module connects to ES File Explorer's HTTP server to run certain commands. The HTTP server is started on app launch, and is available as long as the app is open. Version 4.1.9.7.4 and below are reported vulnerable This module has been tested against 4.1.9.5.1. This module requires Metasploit...

CVE-2019-8345

The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL...

Design/Logic Flaw

The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL...

CVE-2019-8345

CVE-2019-8345 affects ES File Explorer File Manager for Android (version 4.1.9.7.4). The Help feature loads content over HTTP, enabling session hijacking by a local-network MITM attacker, who could display an attacker-controlled site in a WebView without URL information. No exploit details or pat...

CVE-2019-8345

The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL...

CVE-2019-6447

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to...

Code injection

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to...

CVE-2019-6447

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to...

CVE-2019-6447

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to...

CVE-2019-6447

The CVE-2019-6447 vulnerability affects ES File Explorer File Manager on Android (versions up to 4.1.9.7.4). The issue arises from an HTTP server listening on port 59777 that remains open after app launch; it can be reached over a local Wi‑Fi network and responds to unauthenticated application/js...

CVE-2019-6447

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to...

PT-2019-18094 · Es · Es File Explorer File Manager

Name of the Vulnerable Software and Affected Versions: ES File Explorer File Manager versions through 4.1.9.7.4 Description: The issue allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after t...

ASUSTOR ADM cross-site scripting vulnerability (CNVD-2018-26928)

ASUSTOR ADM is a set of operating systems from ASUSTOR dedicated to ASUSTOR NAS storage devices.File Explorer is one of the file browsers. A cross-site scripting vulnerability exists in File Explorer in ASUSTOR ADM version 3.1.1, which can be exploited by remote attackers to execute JavaScript co...

ASUSTOR ADM File Explorer Cross-Site Scripting Vulnerability

ASUSTOR ADM is a set of operating systems from ASUSTOR dedicated to ASUSTOR NAS storage devices.File Explorer is one of the file browsers. A cross-site scripting vulnerability exists in File Explorer in ASUSTOR ADM version 3.1.1. A remote attacker can exploit this vulnerability to execute arbitra...

ASUSTOR ADM File Explorer Path Traversal Vulnerability

ASUSTOR ADM is a set of operating systems from ASUSTOR dedicated to ASUSTOR NAS storage devices.File Explorer is one of the file browsers. A directory traversal vulnerability exists in File Explorer in ASUSTOR ADM version 3.1.1. An attacker can exploit this vulnerability by modifying the 'file1'...

Cross site scripting

Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename...

CVE-2018-12306

Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344...

CVE-2018-12305

Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript...

CVE-2018-12306

Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344...

Cross site scripting

Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript...