3141 matches found
The vulnerability of the Adobe Bridge file manager relates to the use of an uninitialized pointer, which allows an attacker to bypass the ASLR protection mechanism.
The vulnerability of the Adobe Bridge file manager is related to the use of an uninitialized pointer. Exploiting this vulnerability could allow an attacker to bypass the ASLR protection mechanism...
CVE-2023-6302
A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...
Design/Logic Flaw
A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...
CVE-2023-6302 CSZCMS File Manager Page templates permission
A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...
CVE-2023-6302
CSZCMS 1.3.0 has a vulnerability in the File Manager Page templates (\views\templates) that leads to permission issues. The root cause is tied to unknown functionality in the affected templates, enabling remote exploitation with publicly disclosed exploit details. Multiple sources (NVD, CVE records a...
PT-2023-14046 · Oro · Oroplatform
Name of the Vulnerable Software and Affected Versions: OroPlatform versions prior to 5.0.9. Description: Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file, which will allow writing the...
PT-2023-32602 · Csz Cms · Csz Cms
Name of the Vulnerable Software and Affected Versions: CSZCMS version 1.3.0. Description: A critical issue was found in the File Manager Page component, specifically in the \views\templates file, leading to permission issues. The attack can be launched remotely. The issue has been publicly disclosed...
CSZCMS Authorization Issue Vulnerability
CSZCMS is an open source web application that allows managing all content and settings on a website. An authorization issue vulnerability exists in CSZCMS version 1.3.0, which stems from an unknown function in the file \views\templates of the component File Manager Page, resulting in a permissions...
Artica Pandora FMS Security Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS versions 700 through 773, which stems from an improperly restricted...
PT-2023-28109 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773. Description: The issue allows unrestricted upload of files with dangerous types, specifically PHP executable files, through the file manager. This is due to accessing functionality not properly constrained...
The Continued Evolution of the DarkGate Malware-as-a-Service
By Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll and Vinoo Thomas · November 21, 2023. In September 2023, the Trellix Security Operations Center (SOC) successfully detected and stopped an attack against Musarubra, the holding...
File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal
Description: The plugin does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites...
kodbox Security Vulnerability
kodbox is a network file manager. A security vulnerability exists in kodbox version 1.46.01. An attacker could exploit the vulnerability to identify valid users based on different response messages...
WordPress Frontend File Manager Plugin < 22.6 is vulnerable to Arbitrary File Download
Software: Frontend File Manager; Type: Plugin; Vulnerable versions: 22.6; Fixed in: 22.6; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Download; CVE: CVE-2023-5105; Patch priority: Medium; CVSS severity: Medium 9.1; PSID: 66e0e4c68ed0; Credits: Dmitrii Ignatyev...
Frontend File Manager < 22.7 - Editor+ Arbitrary File Download
Description: The plugin has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php. 1. Create new post with this shortcode - ffmwp. 2. Go to new post and upload any file. 3. After that go to main page of plugin for users...
Frontend File Manager < 22.7 - Editor+ Arbitrary File Download
Description: The plugin has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php. PoC: 1. Create new post with this shortcode - ffmwp. 2. Go to new post and upload any file. 3. After that go to main page of plugin for users...
libreoffice: Empty entry in Java class path
A flaw was found in LibreOffice. When an empty Java class path entry is configured, LibreOffice will search for Java classes in the current working directory, allowing malicious Java classes to load when opening a document using the file manager, resulting in arbitrary code execution...