This Android File Manager App Infected Thousands of Devices with SharkBot Malware
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions. A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecuri...
Exploit for Improper Access Control in Webmin
WebminRCE-exploit CVE-2022-0824, CVE-2022-0829 - File Manager p...
3DPrint < 3.5.6.9 - Arbitrary File and Directory Deletion via CSRF
Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into...
Webmin 1.984 File Manager Remote Code Execution Exploit
In Webmin version 1.984, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as downloading files from remote URLs and changing file permissions. It is possible to achieve remote code execution via a crafted...
Webmin 1.984 File Manager Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin File Manager RCE', 'Description' = %q In Webmin version 1.984, any authenticated low privilege user without access rights to the File...
Webmin File Manager RCE
In Webmin version 1.984, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as downloading files from remote URLs and changing file permissions. It is possible to achieve Remote Code Execution via a crafted...
The vulnerability of the Adobe Bridge file manager, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Bridge file manager is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2022-3126
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have a CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf...
Cross-site request forgery (CSRF)
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have a CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf...
WordPress Plugin Frontend File Manager Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
CVE-2022-3126
CVE-2022-3126 concerns the WordPress plugin Frontend File Manager (prior to version 21.4). The issue is a missing CSRF check during file uploads, enabling an attacker to cause a logged-in user to upload files on the attacker’s behalf. Documented impact is limited to file upload behavior with no b...
CVE-2022-3126 Frontend File Manager < 21.4 - File Upload via CSRF
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have a CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf...
PT-2022-20647 · WordPress · Frontend File Manager Plugin
Name of the Vulnerable Software and Affected Versions: Frontend File Manager Plugin WordPress plugin versions prior to 21.4 Description: The issue concerns a lack of CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf. Recommendations:...
mojoPortal directory traversal vulnerability
mojoPortal is an open source, object-oriented web architecture (WSF) and content management system (CMS) from Joe Audette, an individual developer in the United States. The system provides event calendars, photo albums, file managers, etc. mojoPortal v2.7 version of the path traversal vulnerability,...
WordPress Frontend File Manager Arbitrary File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. WordPress Frontend File Manager versions prior to 21.3 are vulnerable to arbitrary file uploads, whi...
CVE-2022-3125
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated user, such as a subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...
CVE-2022-3125
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated user, such as a subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...
CVE-2022-3125
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated user, such as a subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...
CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...
CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...