3141 matches found
CVE-2021-32682
elFinder 2.1.58 is affected by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the PHP connector, even with minimal configuration. The issues were patched in 2.1.59; a mitigation is to ensure the connector is...
The vulnerability of the Adobe Bridge file manager, related to reading beyond the buffer in memory, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Adobe Bridge file manager is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
in tagspaces/tagspaces
Vulnerability: Code Execution using Reflected Cross Site Scripting. Description: Tagspaces is a file organizer that also works as a file manager. When you open a file, it tries to provide a preview of common files like images, code and text files. But if the extension is not known to tagspaces, it...
CVE-2021-21399
Ampache (web-based audio/video streaming app and file manager) is affected by CVE-2021-21399. Versions prior to 4.4.1 allow unauthenticated access to the Ampache backend via the Subsonic API if an attacker uses a username not associated with the site to bypass authentication. This is described in...
CVE-2021-24177
In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response...
Default configuration
In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response...
CVE-2021-24177
CVE-2021-24177: Reflected XSS in the WordPress File Manager plugin (pre-7.1) on /wp-admin/admin.php?page=wp_file_manager_properties where a payload submitted in the User-Agent header is reflected in the response. Affected product: WordPress File Manager plugin (default configuration). CVSS eviden...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the File Manager WordPress plugin before 7.1, which...
[SECURITY] Fedora 34 Update: nautilus-40~rc-1.fc34
Nautilus is the file manager and graphical shell for the GNOME desktop that makes it easy to manage your files and the rest of your system. It allows you to browse directories on local and remote filesystems, preview files and launch applications associated with them. It is also responsible for...
WordPress File Manager < 6.9 File Upload
File upload vulnerability in WordPress File Manager plugin Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...
WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS)
During a quick security audit of the plugin, in the default configuration a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response...
CVE-2020-36246
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link...
Design/Logic Flaw
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link...
CVE-2020-36246
CVE-2020-36246 affects Amaze File Manager prior to 3.5.1. A local user can escalate privileges to root via shell metacharacters in a symbolic link. The issue is documented in NVD and Red Hat advisories, with a fixed release at v3.5.1 (see references to the v3.5.1 release). The connected records c...
Cross-site Scripting (XSS) - Generic in prasathmani/tinyfilemanager
Description: TinyFileManager is a web-based file manager: a simple, fast and small single-file, multi-language-ready web application for storing, uploading, editing and managing files and folders online via a web browser. The application runs on PHP 5.5+. It allows...
Teamamaze Amazefilemanager Command Injection Vulnerability
Teamamaze Amazefilemanager is a file manager app for Android devices by Teamamaze team. A command injection vulnerability exists in Amazefilemanager. The vulnerability can be exploited to gain root privileges by injecting shell meta commands into symbolic links. The following products and version...
Path Traversal in mucommander/mucommander
Description: mucommander is a lightweight, cross-platform file manager with a dual-pane interface. This package is vulnerable to zip-slip. https://github.com/mucommander/mucommander https://www.mucommander.com/ Steps To Reproduce: 0 download and run latest release from...