3141 matches found
CVE-2022-2032
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to stored cross-site scripting (XSS). This vulnerability can be exploited by an attacker with administrator privileges logged in to the system...
Afian FileRun SQL Injection Vulnerability (CNVD-2022-68943)
Afian FileRun is a full-featured web-based file manager. A SQL injection vulnerability exists in Afian FileRun version 20220202, which stems from a lack of sanitization of the POST parameter metadata in the /?module=fileman&section=get&page=grid page. An attacker could exploit this vulnerability to cause SQ...
Afian FileRun SQL Injection Vulnerability
Afian FileRun is a full-featured web-based file manager. A SQL injection vulnerability exists in Afian FileRun version 20220202, which stems from a lack of sanitization of the POST parameter metadata in the /?module=fileman&section=get&page=grid page. An attacker could exploit this vulnerability to cause SQ...
Codiad Cross-site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by co...
Contao SQL injection in the file manager
David Wind, penetration tester with A1 Digital, has discovered that the SQL injection vulnerability originally published under CVE-2017-16558 can still be exploited in the file manager in Contao 4...
GHSA-VQ59-X6MQ-4WGW Contao SQL injection in the file manager
David Wind, penetration tester with A1 Digital, has discovered that the SQL injection vulnerability originally published under CVE-2017-16558 can still be exploited in the file manager in Contao 4...
CVE-2022-28997
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/...
Ajenti Cross-site Scripting Via Filename
Ajenti through v1.2.23.13 has a cross-site scripting (XSS) vulnerability via a filename that is mishandled in File Manager...
GHSA-5PCV-M8W2-62M9 Ajenti Cross-site Scripting Via Filename
Ajenti through v1.2.23.13 has a cross-site scripting (XSS) vulnerability via a filename that is mishandled in File Manager...
Croogo vulnerable to Cross-site Scripting in title field
A stored self-XSS exists in Croogo before v3.0.7, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4...
GHSA-Q5FG-V5P7-R424 Croogo vulnerable to Cross-site Scripting in title field
A stored self-XSS exists in Croogo before v3.0.7, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4...
CVE-2022-1648
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privileg...
Codiad Vulnerable to Shell Command Injection
components/filemanager/class.filemanager.php in Codiad before 2.8.3 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by searchfiletype...
GHSA-X5G4-CRXQ-QXJX Contao Core directory traversal vulnerability
A logged-in back end user can include arbitrary PHP files by manipulating a URL parameter. Since Contao does not allow uploading PHP files in the file manager, the attack is limited to the existing PHP files on the server...
Vulnerability in the File Manager of the Google Chrome browser that allows an attacker to disclose protected information
The vulnerability in the File Manager of the Google Chrome browser is caused by the use of memory after it has been freed (use after free). Exploiting this vulnerability can allow an attacker to disclose sensitive information...
Use After Free
Chromium is vulnerable to a use after free. The vulnerability exists in File Manager and allows an attacker to cause memory corruption, which then leads to an application crash...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 30 security fixes, including: [1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06; [1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20; [1305190] High...
Vulnerability in the Adobe Bridge file manager, caused by an out-of-bounds memory read, that allows an attacker to disclose protected information
The vulnerability in the Adobe Bridge file manager is caused by reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose protected memory information in the context of the current user, using a specially crafted file...
CVE-2021-32161
A cross-site scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature...