3143 matches found
CVE-2018-7204
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and...
File Manager <= 5.0.0 - Information Disclosure
The Giribaz File Manager plugin logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to the log file, which is not protected and contains database credentials, salts, etc. These files...
WordPress File Manager plugin <=5.0.0 - Information Disclosure vulnerability
Information Disclosure vulnerability found in WordPress File Manager plugin versions <=5.0.0. Solution: Update the WordPress File Manager plugin to the latest available version (at least 5.0.2)...
CentOS Update for nautilus CESA-2018:0223 centos7
Check the version of nautilus. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882839");...
Moderate: Red Hat Security Advisory: nautilus security update
An update for nautilus is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Agora Project 3.3.5 Cross Site Scripting
Title: Agora project 3.3.5 XSS File upload Vulnerability | Author: indoushka | Telegram: @indoushka | Tested on: windows 10 Fr V.Pro | Vendor :...
WordPress WP File Manager 1.9 Server-Side Request Forgery
Exploit Title ; Wordpress wp File Manager plugin SSRF/XSPA Vulnerability + Date : 2017-01-12 + Author : 0P3N3R From IRANIAN ETHICAL HACKERS + Vendor Homepage : https://wordpress.org/plugins/wp-file-manager/ + Version : 1.9 + Dork : N/A + Tested On : windows 10 - kali linux 2.0 + Contact :...
Horde Gollem Module Unauthorized File Download Vulnerability - Linux
Horde Groupware is prone to an unauthorized file download vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
Horde Gollem Module Unauthorized File Download Vulnerability - Windows
Horde Groupware is prone to an unauthorized file download vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
School CMS 1.0.0 File Upload
Exploit Title: school cms File Upload Vulnerability | Exploit Author: Ashiyane Digital security Team | Vendor Homepage : https://www.sourcecodester.com/php/5400/school-website-cms.html | Software Link: https://www.sourcecodester.com/sites/default/files/download/arukumar/schoolcms.zip | Versio...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2017-36501)
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A security vulnerability exists in the...
CVE-2017-15646
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload...
Remote code execution
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload...
Horde Groupware Unauthorized File Download Vulnerability
Horde Groupware is an enterprise browser based on the Communication Suite from Horde USA. The browser supports sending and receiving e-mail, managing and sharing calendars, contacts and tasks, and more. A security vulnerability exists in the File Manager gollem module version 3.0.11 in Horde...
CVE-2017-15235
The File Manager gollem module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename...
Authentication flaw
The File Manager gollem module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename...