
3146 matches found

Huntr
added 2022/02/20 5:12 p.m., 9 views

Improper Access Control in File Manager module

Description: In Webmin 1.984, any authenticated low privilege user who did not have access to the File Manager module could interact with a variety of file manager capabilities such as modifying file ownership (chown), viewing file properties, listing or deleting files and directories on the server...

AI score 0.8
Exploits 0, References 1
Veracode
added 2022/02/20 5:51 a.m., 32 views

Use-After-Free

chromium is vulnerable to use-after-free. The vulnerability is possible because of a flaw in the component File Manager, leading to a memory corruption issue resulting in a use-after-free vulnerability...

CVSS 8.8, AI score 2.5, EPSS 0.00833
Exploits 0, References 3, Affected Software 2
NVD
added 2022/02/17 9:15 p.m., 15 views

CVE-2022-22914

An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to view and download content in the upload directory via path traversal...

CVSS 7.5, EPSS 0.01404
Exploits 1, References 2
ATTACKERKB
added 2022/02/17 9:15 p.m., 5 views

CVE-2022-22914

An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to view and download content in the upload directory via path traversal...

CVSS 7.5, AI score 7.1, EPSS 0.01404
Exploits 1, References 3
Huntr
added 2022/02/17 2:55 a.m., 46 views

Improper Access Control to Remote Code Execution

Description: In Webmin v1.984, affecting File Manager module, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as download file from remote URL and change file permission (chmod). It is possible to achieve...

CVSS 9, AI score 0.9, EPSS 0.96977
Exploits 13
Positive Technologies
added 2022/02/17 12:0 a.m., 4 views

PT-2022-1959 · Webmin +1 · Webmin +1

Name of the Vulnerable Software and Affected Versions: webmin versions prior to 1.990 Description: The issue is related to improper access control in the webmin repository, which can lead to remote code execution. This is due to weaknesses in the authorization mechanism of the File Manager module...

CVSS 9, AI score 7.4, EPSS 0.96977
Exploits 14, References 28
0day.today
added 2022/02/17 12:0 a.m., 3768 views

Tiny File Manager 2.4.3 Shell Upload Exploit

Tiny File Manager Example: ./exploit.sh http://files.ubuntu.local/index.php admin "email protected" https://github.com/febinrev/tinyfilemanager-2.4.3-exploit !/bin/bash check which curl if $? = 0 then printf "✔ Curl found! \n" else printf "❌ Curl not found! \n" exit fi which jq if $? = 0 then...

AI score 0.3
Exploits 0
Microsoft CVE
added 2022/02/16 8:0 a.m., 65 views

Chromium: CVE-2022-0603 Use after free in File Manager

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8, AI score 8.4, EPSS 0.00833
Exploits 0
CNVD
added 2022/02/16 12:0 a.m., 27 views

Google Chrome Resource Management Error Vulnerability (CNVD-2022-20558)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a resource management error vulnerability that stems from a release and reuse technique within the file manager component. A remote attacker could exploit this vulnerability to create a specially crafted w...

CVSS 8.8, AI score 8.6, EPSS 0.00833
Exploits 0, References 1
Packet Storm
added 2022/02/16 12:0 a.m., 378 views

Tiny File Manager 2.4.3 Shell Upload

Tiny File Manager Example: ./exploit.sh http://files.ubuntu.local/index.php admin "admin@123" https://github.com/febinrev/tinyfilemanager-2.4.3-exploit !/bin/bash check which curl if $? = 0 then printf "✔ Curl found! \n" else printf "❌ Curl not found! \n" exit fi which jq if $? = 0 then printf "✔...

AI score 7.4
Exploits 0
ThreatPost
added 2022/02/15 6:33 p.m., 225 views

Chrome Zero-Day Under Active Attack: Patch ASAP

Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that’s actively being jumped on by attackers in the wild. In a brief update, Google described the weakness, tracked as CVE-2022-0609, as a use-after-free vulnerability in Chrome’s Animation...

CVSS 9.6, AI score 9.8, EPSS 0.70435
Exploits 16, References 23
Huntr
added 2022/02/15 10:8 a.m., 41 views

Path Traversal in prasathmani/tinyfilemanager

Description: A Path Traversal vulnerability exists in Tiny File Manager, which allows the upload of files to an arbitrary location in the server. This flaw derives from the way that the file upload/creation is handled when a file with the same name already exists in the target directory. Affected...

CVSS 7.5, AI score 0.3, EPSS 0.01864
Exploits 1
The Hacker News
added 2022/02/15 5:6 a.m., 138 views

New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP!

Google on Monday rolled out fixes for eight security issues in the Chrome web browser, including a high-severity vulnerability that's being actively exploited in real-world attacks, marking the first zero-day patched by the internet giant in 2022. The shortcoming, tracked CVE-2022-0609, is...

CVSS 8.8, AI score 1, EPSS 0.23546
Exploits 0
Tenable Nessus
added 2022/02/15 12:0 a.m., 49 views

FreeBSD : chromium -- multiple vulnerabilities (e12432af-8e73-11ec-8bc4-3065ec8fd3ec)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e12432af-8e73-11ec-8bc4-3065ec8fd3ec advisory. - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed ...

CVSS 8.8, AI score 8.9, EPSS 0.23546
Exploits 0, References 10
CNNVD
added 2022/02/14 12:0 a.m., 4 views

Google Chrome and Chrome OS Resource Management Error Vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a resource management error vulnerability that stems from a release and reuse technique within the file manager component. A remote attacker could exploit this vulnerability to create a specially crafted w...

CVSS 8.8, AI score 8.8, EPSS 0.00833
Exploits 0, References 13
Kaspersky
added 2022/02/14 12:0 a.m., 490 views

KLA12462 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in File Manager can be exploited t...

CVSS 8.8, AI score 10, EPSS 0.23546
Exploits 0, References 3
Tenable Nessus
added 2022/02/14 12:0 a.m., 70 views

Google Chrome < 98.0.4758.102 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 98.0.4758.102. It is, therefore, affected by multiple vulnerabilities as referenced in the 202202stable-channel-update-for-desktop14 advisory. - Inappropriate implementation in Gamepad API in Google Chrome prior to...

CVSS 8.8, AI score 9, EPSS 0.23546
Exploits 0, References 17
Tenable Nessus
added 2022/02/14 12:0 a.m., 128 views

Google Chrome < 98.0.4758.102 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 98.0.4758.102. It is, therefore, affected by multiple vulnerabilities as referenced in the 202202stable-channel-update-for-desktop14 advisory. - Inappropriate implementation in Gamepad API in Google Chrome prior to...

CVSS 8.8, AI score 9, EPSS 0.23546
Exploits 0, References 17
FreeBSD
added 2022/02/14 12:0 a.m., 43 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 11 security fixes, including: 1290008 High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng @ret2happy on 2022-01-22 1273397 High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24 1286940 High...

CVSS 8.8, EPSS 0.23546
Exploits 0, References 1
ATTACKERKB
added 2022/02/12 12:15 a.m., 6 views

CVE-2022-0107

Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 7.8, EPSS 0.00927
Exploits 1, References 9