3138 matches found
CVE-2024-25903
CVE-2024-25903 affects the WordPress Frontend File Manager plugin (Frontend File Manager). Public documentation indicates an information-disclosure vulnerability where unauthenticated actors can access user-uploaded files, with affected versions up to 22.7. The issue stems from exposure of sensit...
WordPress Plugin Frontend File Manager Plugin Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2024-21194 · Unknown · N-Media Frontend File Manager
Name of the Vulnerable Software and Affected Versions: N-Media Frontend File Manager versions through 22.7 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not ha...
CVE-2023-7015
The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2023-6825
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for...
Cross site scripting
The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Directory traversal
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for...
CVE-2023-7015
CVE-2023-7015 concerns the WordPress plugin File Manager Pro. A reflected XSS via the tb parameter exists in all versions up to 8.3.4 due to insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts in pages executed after user actions (e.g., clicki...
CVE-2023-7015 File Manager Pro <= 8.3.4 - Reflected Cross-Site Scripting
The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2023-6825 File Manager And File Manager Pro (Multiple Versions) - Directory Traversal
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for...
CVE-2023-6825
CVE-2023-6825 affects the WordPress File Manager and File Manager Pro plugins. It enables Directory Traversal via the mk_file_folder_manager_action_callback_shortcode target parameter, allowing reading of arbitrary server files and upload to unintended directories. Affected versions: File Manager...
WordPress Plugin File Manager And File Manager Pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-2181 · Adobe · Bridge
Name of the Vulnerable Software and Affected Versions: Adobe Bridge versions 13.0.5, 14.0.1 and earlier Description: The issue is related to an out-of-bounds read vulnerability in the file manager, which could allow an attacker to disclose sensitive memory information. This vulnerability can be...
elFinder Web file manager Version - 2.1.53 Remote Command Execution Vulnerability
Exploit Title: elFinder Web file manager Version: 2.1.53 Remote Command Execution Exploit Author: tmrswrr Google Dork: intitle:"elFinder 2.1.53" Vendor Homepage: https://studio-42.github.io/elFinder/ Software Link: https://github.com/Studio-42/elFinder/archive/refs/tags/2.1.53.zip Version: 2.1.53...
Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation Vulnerability
The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to...
Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation
KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability Title: Artica Proxy Unauthenticated File Manager Vulnerability Advisory ID: KL-001-2024-003 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt 1. Vulnerability Detail...