3137 matches found
CVE-2024-3178 Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator-provided data. All...
CVE-2024-3178
Concrete CMS is affected by a Cross-site Scripting (XSS) vulnerability in the Advanced File Search Filter. Versions below 9.2.8 and below 8.5.16 fail to validate administrator-provided data, allowing a rogue administrator with file-manager access to inject malicious code via a search filter. Impa...
PT-2024-24203 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 Description: The issue concerns Cross-site Scripting (XSS) in the Advanced File Search Filter. A rogue administrator could add malicious code in the file manager due to insufficient...
CVE-2024-29024 JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...
CVE-2024-29024
CVE-2024-29024 affects JumpServer; an authenticated user can abuse an Insecure Direct Object Reference (IDOR) in the file manager’s bulk transfer to manipulate job IDs and upload malicious files. Impact noted as compromising integrity/security of the system. Remediation: upgrade to version 3.10.6...
Soholaunch 4.9.4 r44 Shell Upload
Exploit Title: Soholaunch Version : v4.9.4 r44 Remote Code Execution Date: 2024-3-29 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://livesite.com/ Version : v4.9.4 r44 1 Login with admin cred click Main Menu File Manager Upload New Files Uploading test.php file Payload : 2 Afte...
PT-2024-22678 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.6 Description: The issue allows an authenticated user to exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files,...
Ampache Storage Cross-Site Scripting Vulnerability
Ampache is a web-based audio/video application and file manager. A cross-site scripting vulnerability exists in Ampache 6.2.1 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in /preferences.php?action=adminupdatepreferences, which can be...
CVE-2024-28852
Ampache (web-based audio/video streaming and file manager) has multiple reflective XSS vulnerabilities affecting forms that use the rule variable. Exploitation could involve injecting payloads in queries (e.g., song, podcast) via the $rule parameter. The issue is fixed in version 6.3.1; upgrading...
CVE-2024-2849
A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2024-2849 SourceCodester Simple File Manager unrestricted upload
A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2024-2849
The CVE-2024-2849 entry concerns SourceCodester Simple File Manager 1.0. The vulnerability arises from incorrect handling of the photo argument, enabling unrestricted file uploads. This is described as a remote, critical issue with publicly disclosed exploit information. Affected component: Simpl...
PT-2024-22448 · Sourcecodester · Sourcecodester Simple File Manager
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple File Manager version 1.0 Description: A critical vulnerability was found in the software, affecting unknown code. The manipulation of the photo argument leads to unrestricted upload. The attack can be initiated remotely...
Simple File Manager Code Issue Vulnerability
SourceCodester File Manager is a file manager. A code issue vulnerability exists in Simple File Manager version 1.0, which stems from an incorrect manipulation of photo resulting in unrestricted uploads...
A vulnerability in the Adobe Bridge file manager, related to writing beyond buffer boundaries in memory, allows an attacker to execute arbitrary code.
The vulnerability in the Adobe Bridge file manager is related to writing beyond buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2024-1538
The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...