
3143 matches found

OSV
added 2017/10/11 3:29 a.m., 15 views

CVE-2017-15235

The File Manager gollem module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename...

7.5 CVSS, 7 AI score
Exploits: 0, References: 2

OSV
added 2017/10/11 3:29 a.m., 1 view

DEBIAN-CVE-2017-15235

The File Manager gollem module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename...

7.5 CVSS, 7.1 AI score, 0.0553 EPSS
Exploits: 3, References: 1

Cvelist
added 2017/10/11 3:00 a.m., 21 views

CVE-2017-15235

The File Manager gollem module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename...

7.5 AI score, 0.0553 EPSS
Exploits: 3, References: 2

CVE
added 2017/10/11 3:00 a.m., 74 views

CVE-2017-15235

The CVE-2017-15235 issue affects the Horde Groupware File Manager (gollem) module: version 3.0.11 in Horde Groupware 5.2.21 allows remote unauthenticated file downloads via a crafted fn parameter that maps to the exact filename. The vulnerability enables remote attackers to bypass Horde authentic...

7.5 CVSS, 7.4 AI score, 0.0553 EPSS
Exploits: 3, References: 2, Affected Software: 1

Debian CVE
added 2017/10/11 3:00 a.m., 26 views

CVE-2017-15235

The File Manager gollem module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename...

7.5 CVSS, 7.5 AI score, 0.0553 EPSS
Exploits: 3

seebug.org
added 2017/10/09 12:00 a.m., 35 views

Horde Groupware Unauthorized File Download

Vulnerability Summary The following advisory describes an unauthorized file download vulnerability found in Horde Groupware version 5.2.21. Horde Groupware Webmail Edition is “a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage...

6.8 AI score
Exploits: 0

Tenable Nessus
added 2017/10/09 12:00 a.m., 30 views

Debian DSA-3994-1 : nautilus - security update

Christian Boxdorfer discovered a vulnerability in the handling of FreeDesktop.org .desktop files in Nautilus, a file manager for the GNOME desktop environment. An attacker can craft a .desktop file intended to run malicious commands but displayed as an innocuous document file in Nautilus. A user...

6.5 CVSS, 5.9 AI score, 0.02471 EPSS
Exploits: 1, References: 4

BDU FSTEC
added 2017/10/05 12:00 a.m., 4 views

The vulnerability of the Vesta Control Panel server’s control panel lies in the lack of checking for the presence of a user session. This allows attackers to perform various manipulations on files and directories located on the server.

The vulnerability of the Vesta Control Panel’s control panel lies in the lack of checking for the presence of a user session in the files.php file web/file-manager/, which is responsible for the operation of the control panel’s file manager. Exploiting this vulnerability allows an attacker to...

10 CVSS, 5.5 AI score
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2017/09/30 12:00 a.m., 4 views

FileRun Remote SQL Injection Vulnerability

FileRun File Manager gives you access to your files anytime, anywhere with self-hosted secure cloud storage, file backups and sharing of photos, videos, documents and more. FileRun suffers from a remote SQL injection vulnerability that originates from the program's failure to validate the metafie...

9.8 CVSS, 9.5 AI score, 0.02624 EPSS
Exploits: 5, References: 1

CNVD
added 2017/09/26 12:00 a.m., 4 views

Netsweeper Arbitrary File Upload Vulnerability

Netsweeper is a Web content filtering solution from Netsweeper Canada. An arbitrary file upload vulnerability exists in the webadmin/ajaxfilemanager/ajaxfilemanager.php file in Netsweeper versions prior to 3.1.10, 4.0.x versions prior to 4.0.9, and 4.1.x versions prior to 4.1.2. A remote attacker...

7.2 CVSS, 7.2 AI score, 0.07352 EPSS
Exploits: 3, References: 1

OSV
added 2017/09/08 10:29 a.m., 13 views

CVE-2017-11611

Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/filemanager/" script aka an...

5.4 CVSS, 5.8 AI score
Exploits: 0, References: 1

Prion
added 2017/09/08 10:29 a.m., 11 views

Cross site scripting

Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/filemanager/" script aka an...

3.5 CVSS, 5.2 AI score, 0.00904 EPSS
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2017/08/21 1:29 a.m., 12 views

CVE-2017-11366

components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by searchfiletype...

9.8 CVSS, 7.2 AI score
Exploits: 0, References: 4

Exploit DB
added 2017/08/03 12:00 a.m., 48 views

Horde Groupware 5.2.21 - Unauthorized File Download

Vulnerability Summary The following advisory describes an unauthorized file download vulnerability found in Horde Groupware version 5.2.21. Horde Groupware Webmail Edition is “a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage...

7.5 CVSS, 7.5 AI score, 0.0553 EPSS
Exploits: 3

Kitploit
added 2017/07/26 2:45 p.m., 23 views

DAws - Advanced Web Shell

There are multiple things that make DAws better than every Web Shell out there: 1. Bypasses Security Systems (IPS, WAFs, etc.) like Suhosin (uses up to 20 PHP functions just to get a command executed). 2. Drops CGI Shells and communicates with them to bypass Security Systems. 3. Uses the SSH Authorized Key...

7.4 AI score
Exploits: 0, References: 1

Prion
added 2017/07/25 6:29 p.m., 13 views

Path traversal

Absolute path traversal vulnerability in the filemanager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php...

4 CVSS, 6.7 AI score, 0.01104 EPSS
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2017/07/25 6:29 p.m., 18 views

CVE-2015-4462

Absolute path traversal vulnerability in the filemanager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php...

6.5 CVSS, 6.2 AI score, 0.01104 EPSS
Exploits: 1, References: 2

Cvelist
added 2017/07/25 6:00 p.m., 21 views

CVE-2015-4462

Absolute path traversal vulnerability in the filemanager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php...

6.2 AI score, 0.01104 EPSS
Exploits: 1, References: 2

The Hacker News
added 2017/07/19 11:54 p.m., 34 views

Critical Code Injection Flaw In Gnome File Manager Leaves Linux Users Open to Hacking

A security researcher has discovered a code injection vulnerability in the thumbnail handler component of GNOME Files file manager that could allow hackers to execute malicious code on targeted Linux machines. Dubbed Bad Taste, the vulnerability CVE-2017-11421 was discovered by German researcher...

4.6 CVSS, 7.8 AI score, 0.00628 EPSS
Exploits: 0

OSV
added 2017/07/18 7:29 p.m., 12 views

CVE-2017-11421

gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename...

7.8 CVSS, 7.4 AI score
Exploits: 0, References: 4