CVE-2019-19368
A reflected cross-site scripting (XSS) vulnerability was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary JavaScript...
CVE-2019-19368
Rumpus FTP Web File Manager 8.2.9.1 is affected by a reflected Cross‑Site Scripting vulnerability on the Login page. An attacker can entice a user to click a crafted link, enabling execution of arbitrary JavaScript in the victim’s browser (potential session hijacking/defacement or data theft). Ro...
nopCommerce Cross-Site Request Forgery Vulnerability
nopCommerce is open source e-commerce shopping cart software. Roxy Fileman is a free open source file browser for .NET and PHP that can be integrated into the CKEditor and TinyMCE WYSIWYG HTML editors. A cross-site request forgery vulnerability exists in Roxy Fileman used in nopCommerce 4.2.0,...
Responsive File Manager Directory Traversal (CVE-2018-20792)
A directory traversal vulnerability exists in the Responsive File Manager. This vulnerability is due to insufficient sanitization of directory traversal characters by ajaxcalls.php. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected...
Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit
AntiSpy is a free but powerful anti-virus and rootkit toolkit. It gives you the ability, with the highest privileges, to detect, analyze and restore various kernel modifications and hooks. With its assistance, you can easily spot and neutralize malware hidden from normal detectors. Developme...
CVE-2019-16295
Stored XSS in filemanager2.php in CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.885 exists via the cmdarg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim...
CWP 0.9.8.885 Cross Site Scripting
Exploit Title: CWP CentOS Control Web Panel Store Cross Site Scripting; Date: 25 Oct 2019; Exploit Author: Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak; Vendor Homepage: https://control-webpanel.com/; Version: 0.9.8.885; CVE: CVE-2019-16295 ...
CVE-2019-17629
CMS Made Simple CMSMS 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager upload images" screen...
Design/Logic Flaw
CMS Made Simple CMSMS 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager upload images" screen...
CVE-2019-17629
CMS Made Simple (CMSMS) 2.2.11 is affected by a stored cross‑site scripting (XSS) flaw. An admin can inject malicious content via a crafted image filename in the file manager > upload images screen, which is stored and later rendered in the application. The root cause is not explicitly detaile...
The vulnerability of the fly-start-panel component in the FLY operating system environment of the Astra Linux system allows an intruder to gain unauthorized access to protected information.
The vulnerability of the fly-start-panel component in the FLY operating system environment of the Astra Linux system is related to the ability to switch to a higher level in the file system through the “Start Menu” and file manager programs. Exploiting this vulnerability can allow an intruder to...
CVE-2019-11380
The CVE-2019-11380 issue affects the Android app ES File Explorer File Manager (version 4.2.0.1.3). The master-password protection can be bypassed via the com.estrongs.android.pop.ftp.ESFtpShortcut intent, which leads to remote FTP access to the user’s entire local storage. This vulnerability is ...
Cross-site Scripting (XSS)
Bolt is vulnerable to cross-site scripting (XSS). The vulnerability exists due to a lack of proper handling of "Create file" for the system log in the file manager, allowing a remote attacker to inject arbitrary JavaScript into a victim's browser through the affected parameters...
CVE-2019-15091
filemgr.php in Artica Integria IMS 5.0.86 allows arbitrary file upload via index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload...
CVE-2019-13385
CVE-2019-13385 affects CentOS Web Panel 0.9.8.840 (CWP). The vulnerability is an Information Disclosure in the filemanager component, allowing an attacker to enumerate users and identify active users by reading the /tmp/login.log. The exploitation context observed in external sources confirms use...
PT-2019-13306 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.846 Description: The issue allows attackers to steal a cookie or session, or redirect to a phishing website through Reflected XSS in the filemanager2.php file, specifically targeting the fm current dir parameter...
The vulnerability of the fly-mineapps file manager’s type association utility function allows a hacker to cause a service failure.
The vulnerability of the fly-mineapps file manager’s type association utility is caused by buffer overflow during the processing of command-line parameters. Exploiting this vulnerability can allow an attacker to cause a service failure by entering a specially crafted sequence of data in the comma...