CVE-2020-12102
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem outside of the application scope...
Path traversal
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem outside of the application scope...
CVE-2020-12103
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files with .bak extension outside the scope in the same directory in which they are stored...
CVE-2020-12103
Tiny File Manager 2.4.1 contains a vulnerability in the ajax file backup copy functionality that allows authenticated users to create backup copies (.bak) outside the intended scope in the same directory. The issue is due to a flaw in the backup copy feature. Remediation suggested in the connecte...
CVE-2020-12102
CVE-2020-12102 concerns Tiny File Manager 2.4.1 where a Path Traversal vulnerability exists in the ajax recursive directory listing. This enables authenticated users to enumerate directories and files on the filesystem outside the application scope. Connected sources describe the same impact and ...
PT-2020-13035
Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.1. Description: The issue allows authenticated users to create backup copies of files with a .bak extension outside the intended scope in the same directory where they are stored. This is due to a vulnerability in t...
PT-2020-13034
Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.1. Description: The issue allows authenticated users to enumerate directories and files on the filesystem outside of the application scope due to a Path Traversal vulnerability in the ajax recursive directory listin...
Transfer Master v3.3 iOS - Denial of Service Vulnerability
Document Title: Transfer Master v3.3 iOS - Denial of Service Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2224 Release Date: 2020-04-27. Vulnerability Laboratory ID (VL-ID): ...
Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution Vulnerabilities
Exploit for php platform in category web applications Prestashop | stazot.com Last Modified: 2020-04-11 Vendor : https://www.prestashop.com/ Version : = 1.7.6.4 Tested on : 1.7.6.4 -- Table of Contents 00 - Introduction 01 - Exploit 02 - Cross-Site Request Forgery CSRF 02.1 - Exploitation 03 -...
Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution
Prestashop | stazot.com Last Modified: 2020-04-11 Vendor : https://www.prestashop.com/ Version : = 1.7.6.4 Tested on : 1.7.6.4 -- Table of Contents 00 - Introduction 01 - Exploit 02 - Cross-Site Request Forgery CSRF 02.1 - Exploitation 03 - Stored Cross-Site Scripting 03.1 - Exploitation 04 -...
2345 Haozhu is vulnerable to DLL hijacking.
2345 GoodPress is a compressed file manager. 2345 Haozui has a DLL hijacking vulnerability, which can be exploited by an attacker to load a malicious DLL and execute arbitrary code...
Project Worlds Official Car Rental System Code Issue Vulnerability
Project Worlds Official Car Rental System is a PHP and MySQL based car rental system. A code issue exists in the upload section of the file manager page in Project Worlds Official Car Rental System version 1. The vulnerability can be exploited to run commands on the server via the addcars.php fil...
DNN Information Disclosure Vulnerability
DNN (also known as DotNetNuke) is an open source content management system (CMS) from the U.S. company DNN, supported by Microsoft and based on the ASP.NET platform. The system is easy to install, scalable, and feature-rich. DNN (formerly DotNetNuke) 9.5 version of the embedded...
Information disclosure
There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message...
CVE-2020-11544
An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via addcars.php. There are no upload restrictions f...
LimeSurvey 4.1.11 - 'File Manager' Path Traversal
Exploit Title: LimeSurvey 4.1.11 - 'File Manager' Path Traversal Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11455 Vulnerability Details Description : A path...
LimeSurvey 4.1.11 Path Traversal
Exploit Title: LimeSurvey 4.1.11 - 'File Manager' Path Traversal Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11455 Vulnerability Details Description : A path...
LimeSurvey path traversal vulnerability (CNVD-2020-23188)
LimeSurvey (formerly known as PHPSurveyor) is an open source online questionnaire survey program from the LimeSurvey team, which supports survey program development, questionnaire distribution, and data collection. A path traversal vulnerability exists in the...