3141 matches found
CVE-2021-41291
ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device...
Path traversal
ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device...
CVE-2021-41291 ECOA BAS controller - Path Traversal-1
ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device...
Ecoa Bas controller Path Traversal Vulnerability
Ecoa Bas controller is a building automation controller from Ecoa Technologies Corp. in China. A path traversal vulnerability exists in Ecoa Bas controller, which can be exploited by attackers to compromise the device directory content by using the GET parameter in the file manager...
The vulnerability of the Adobe Bridge file manager arises from insufficient validation of input data, allowing a malicious actor to redirect users to a malicious web page remotely.
The vulnerability of the Adobe Bridge file manager, related to insufficient validation of input data, allows a malicious actor to redirect users to a malicious web page remotely...
The vulnerability of the Adobe Bridge file manager, related to writing beyond the buffer boundaries in memory, allows a malicious actor to execute arbitrary code in the context of the current user.
The vulnerability of the Adobe Bridge file manager is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of the current user...
Concrete CMS: A bypass of adding remote files in concrete5 Filemanager leads to remote code execution
Hi, I'm currently testing the latest concretecms on my own pc and found some security problems of file manager. Concretecms allows user to upload remote files via file manager. With some techniques to bypass restriction of this function, an evil user will be able to download arbitrary php file int...
The vulnerability of the Thunar file manager, related to improper access control, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Thunar file manager is related to the use of another program without user confirmation when the file is used as a command. Exploiting this vulnerability can allow an attacker who operates remotely to gain access to confidential data, compromise its integrity, and cause...
TinyFileManager path traversal vulnerability
TinyFileManager is a web-based file manager used to store, upload, edit and manage files and folders online via a web browser. A path traversal vulnerability exists in TinyFileManager 2.4.6 and all versions below, which stems from the software's lack of validation and escaping of the fullpath...
TinyFileManager Cross-Site Scripting Vulnerability
TinyFileManager is a web-based file manager used to store, upload, edit and manage files and folders online via a web browser. A cross-site scripting vulnerability exists in TinyFileManager 2.4.6 and all...
Improper access control
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename' function in the component 'modules/filemanager/FileManagerController.java'...
PT-2021-23020
Name of the Vulnerable Software and Affected Versions: TinyFileManager versions up to and including 2.4.6. Description: A Cross-Site Request Forgery (CSRF) issue exists that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacke...
Jfinal CMS Path Traversal Vulnerability
Jfinal CMS is a powerful information consulting website developed in Java that uses JFinal as the web framework, beetl for the template engine, MySQL for the database, and the Bootstrap framework for the front-end. Improper access control vulnerabilities exist in Jfinal CMS 4.7.1 and earlier versions...
The vulnerability of the Adobe Bridge file manager, related to reading beyond the buffer in memory, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Adobe Bridge file manager is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Adobe Bridge file manager, related to writing beyond the buffer boundaries in memory, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Adobe Bridge file manager is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description: Attacker is able to delete any file on the server if a logged-in user visits the attacker's website. 🕵️♂️ Proof of Concept: Create a test.txt file under /home/user. When you are logged in, open this PoC.html in a browser. You can check that test.txt is deleted. //PoC.html history.pushState'', '', '/'...
The vulnerability of the File Manager plugin (wp-file-manager) of the WordPress content management system allows a hacker to execute arbitrary PHP code on the target system.
The vulnerability of the File Manager plugin wp-file-manager in the WordPress content management system is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability allows a malicious actor to execute any PHP code on the target system remotely...
Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems
Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That's according to an in-depth look at the Linu...
Arbitrary File Upload
Overview: unisharp/laravel-filemanager is a file upload/editor intended for use with Laravel 5 to 6 and CKEditor / TinyMCE. Affected versions of this package are vulnerable to Arbitrary File Upload. The upload function does not sufficiently validate the file type when uploading. An attacker may...
elFinder - A Case Study of Web File Manager Vulnerabilities
An application’s interaction with the file system is always highly security sensitive, since minor functional bugs can easily be the source of exploitable vulnerabilities. This observation is especially true in the case of web file managers, whose role is to replicate the features of a complete...