
3141 matches found

Prion
added 2020/12/30 8:15 p.m. · 15 views

Code injection

The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server, aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER...

7.5 CVSS · 9.1 AI score · 0.01704 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2020/12/30 7:4 p.m. · 23 views

CVE-2020-35173

The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server, aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER...

9.4 AI score · 0.01704 EPSS
Exploits 0 · References 3
CVE
added 2020/12/30 7:4 p.m. · 49 views

CVE-2020-35173

The Amaze File Manager Android app is affected by CVE-2020-35173 (before 3.4.2). The root cause is improper restriction of intents for controlling the FTP server (FTPReceiver.ACTION_START_FTPSERVER and ACTION_STOP_FTPSERVER). This could allow unauthorized control of the FTP service; CVSS scores i...

9.8 CVSS · 9.2 AI score · 0.01704 EPSS
Exploits 0 · References 3 · Affected Software 1
0day.today
added 2020/12/24 12:0 a.m. · 94 views

SUPREMO 4.1.3.2348 Privilege Escalation Vulnerability

Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/ Vendor Status: fixed version released Vulnerable Version: 4.1.3.2348 No other version was tested, but it is believed for the older versions to be also...

7.8 CVSS · 7.8 AI score · 0.0145 EPSS
Exploits 3
OSV
added 2020/12/22 6:15 p.m. · 1 views

CVE-2020-25106

Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename...

7.8 CVSS · 7.1 AI score · 0.0145 EPSS
Exploits 3 · References 3
NVD
added 2020/12/22 6:15 p.m. · 17 views

CVE-2020-25106

Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename...

9.3 CVSS · 7.6 AI score · 0.0145 EPSS
Exploits 3 · References 3
Prion
added 2020/12/22 6:15 p.m. · 26 views

Design/Logic Flaw

Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename...

9.3 CVSS · 7.5 AI score · 0.0145 EPSS
Exploits 3 · References 3 · Affected Software 1
Cvelist
added 2020/12/22 5:54 p.m. · 14 views

CVE-2020-25106

Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename...

7.6 AI score · 0.0145 EPSS
Exploits 3 · References 3
BDU FSTEC
added 2020/12/18 12:0 a.m. · 3 views

The vulnerability of the Adobe Bridge file manager, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Bridge file manager is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the context of the current user...

10 CVSS · 7.8 AI score · 0.03832 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2020/12/18 12:0 a.m. · 3 views

The vulnerability of the Adobe Bridge file manager, related to reading beyond the buffer in memory, allows an attacker to execute arbitrary code.

The vulnerability of the Adobe Bridge file manager is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the context of the current user...

10 CVSS · 7.8 AI score · 0.04438 EPSS
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2020/12/15 12:0 a.m. · 9 views

WordPress Plugin secure-file-manager Access Control Error Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in the WordPress secure-file-manager plugin through...

8.8 CVSS · 7.7 AI score · 0.18028 EPSS
Exploits 2 · References 1
vulnersOsv
added 2020/12/14 1:17 p.m. · 6 views

@concord-consortium/cloud-file-manager (>=2.0.0-pre.1 <=2.3.1), @hat-core/juggler (>=0.4.0-dev20200410 <=0.4.1-dev20210707) +45 more potentially affected by unknown CVE via jiff (>=0.6.0 <=0.7.3)

jiff NPM version =0.6.0, =2.0.0-pre.1, =0.4.0-dev20200410, =0.5.1-dev20210809, =0.1.0, =1.0.0, =1.0.1, =0.0.3, =2.0.0, =1.0.0, =0.0.1, =0.5.5, =1.0.0-3, =1.0.0-0, =1.0.0, =1.1.2 and more Source cves: unknown CVE Source advisory: SNYK:JS-JIFF-1017118...

5.8 AI score
Exploits 0
OSV
added 2020/12/14 3:15 a.m. · 5 views

CVE-2020-35235

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects product...

8.8 CVSS · 6.1 AI score · 0.18028 EPSS
Exploits 2 · References 2
Prion
added 2020/12/14 3:15 a.m. · 14 views

Remote code execution

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects product...

6.5 CVSS · 8.9 AI score · 0.18028 EPSS
Exploits 2 · References 2 · Affected Software 1
Vulnrichment
added 2020/12/14 2:20 a.m. · 12 views

CVE-2020-35235

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects product...

7.8 AI score · 0.18028 EPSS
Exploits 2 · References 2
Cvelist
added 2020/12/14 2:20 a.m. · 17 views

CVE-2020-35235

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects product...

9.1 AI score · 0.18028 EPSS
Exploits 2 · References 2
CVE
added 2020/12/14 2:20 a.m. · 83 views

CVE-2020-35235

CVE-2020-35235 affects the WordPress Secure-File-Manager plugin (through version 2.5). The root cause is loading elFinder code via vendor/elfinder/php/connector.minimal.php without proper access control, enabling any authenticated user to issue the elFinder upload command and achieve remote code ...

8.8 CVSS · 9 AI score · 0.18028 EPSS
In wild · Exploits 2 · References 2 · Affected Software 1
Positive Technologies
added 2020/12/14 12:0 a.m. · 5 views

PT-2020-17295 · WordPress · Secure-File-Manager

Name of the Vulnerable Software and Affected Versions: Secure-file-manager plugin versions through 2.5 for WordPress Description: The issue arises from the secure-file-manager plugin loading elFinder code without proper access control, allowing any authenticated user to run the elFinder upload...

8.8 CVSS · 7.5 AI score · 0.18028 EPSS
Exploits 2 · References 7
Veracode
added 2020/12/06 3:25 a.m. · 17 views

Authentication Bypass

php-horde-gollem is vulnerable to authentication bypass. The File Manager gollem module allows remote attackers to bypass Horde authentication for file downloads via a malicious fn parameter that corresponds to the exact filename...

7.5 CVSS · 6 AI score · 0.0553 EPSS
Exploits 3 · References 3 · Affected Software 1
Packet Storm
added 2020/12/04 12:0 a.m. · 948 views

CMS Made Simple 2.2.15 Cross Site Scripting

Exploit Title: CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload Authenticated Date: 04/12/2020 Exploit Author: Eshan Singh Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads Version: cmsms v2.2.15 Tested on: Windows/Kali...

7.4 AI score
Exploits 0