3142 matches found
Easy File Uploader - Arbitrary File Upload
Exploit Title: Easy File Uploader - Arbitrary File Upload Date: 27/04/2017 Exploit Author: Daniel Godoy Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287 Tested on: GNU/Linux GREETZ: Rodrigo...
concrete5 File Manager Thumbnail Editor Cross-Site Request Forgery Vulnerability
concrete5 is a free content management system (CMS) developed by Portland Labs in the United States. The system can be edited and typeset directly on the page. File Manager is a full-featured file manager. Thumbnail Editor is one of the thumbnail editors. A cross-site request forgery vulnerability...
CVE-2017-8082
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide...
Design/Logic Flaw
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide...
CVE-2017-8082
Summary: Concrete5 CMS 8.1.0 is vulnerable in the File Manager’s Thumbnail Editor due to a cross-site request forgery (CSRF) flaw. The underlying issue allows an attacker to remotely disable the entire installation by tricking an admin into viewing a crafted page containing an image editor reques...
Concrete5 8.x Header Injection and CSRF Vulnerability
Concrete5 CMS is prone to a header injection and cross-site request forgery (CSRF) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2015-6568
Wolf CMS before 0.8.3.1 is vulnerable to an unrestricted file upload that allows changing a file’s extension to .php via admin/plugin/file_manager/browse/, enabling PHP code execution. Exploitation requires a registered user with upload access. The issue is addressed in Wolf CMS 0.8.3.1 (release ...
Pixie CMS 1.04 arbitrary file upload
The Pixie CMS 1.04 back end has an arbitrary file upload vulnerability. Vulnerability analysis: in the Publish File Manager module you can upload any file. /admin/admin/modules/modfilemanager.php $multiupload-extensions = array '. png', '. jpg', '. gif', '. zip', '. mp3', '. pdf', '...
ES File Explorer File Manager - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application ES File Explorer File Manager published at the 'play' market has multiple vulnerabilities...
Pixie 1.0.4 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: File Extension Filter Bypass in File Manager Pixie 1.0.4 With Low Privilege Google Dork: no Date: 02-April-2017 Exploit Author: @runggareksya, @dvnrcy, @dickysofficial Vendor Homepage: http://www.getpixie.co.uk Software Link:...
Pixie 1.0.4 - Arbitrary File Upload
Exploit Title: File Extension Filter Bypass in File Manager Pixie 1.0.4 With Low Privilege Google Dork: no Date: 02-April-2017 Exploit Author: @runggareksya, @dvnrcy, @dickysofficial Vendor Homepage: http://www.getpixie.co.uk Software Link:...
Pixie 1.0.4 - Arbitrary File Upload
Pixie 1.0.4 - Arbitrary File Upload Exploit Title: File Extension Filter Bypass in File Manager Pixie 1.0.4 With Low Privilege Google Dork: no Date: 02-April-2017 Exploit Author: @runggareksya, @dvnrcy, @dickysofficial Vendor Homepage: http://www.getpixie.co.uk Software Link:...
Pixie 1.0.4 Shell Upload
Exploit Title: File Extension Filter Bypass in File Manager Pixie 1.0.4 With Low Privilege Google Dork: no Date: 02-April-2017 Exploit Author: @runggareksya, @dvnrcy, @dickysofficial Vendor Homepage: http://www.getpixie.co.uk Software Link:...
Root File Manager - Dangerous filesystem permissions, Runtime privilege escalation, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Root File Manager published at the 'play' market has multiple vulnerabilities...
WordPress File Manager 3.0.1 Cross Site Request Forgery
Cross-Site Request Forgery in File Manager WordPress plugin. David Vaartjes, July 2016...
File Manager <= 4.1.4 - Cross-Site Request Forgery (CSRF) Arbitrary File Upload
The File Manager WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) Arbitrary File Upload security vulnerability...
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery
Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinfilemanagerwordpressplugin.html Abstract: A Cross-Site Request Forgery (CSRF) vulnerability was found in the File Manager WordPress Plugin. Among others, this issue can be used to upload arbitrary PHP files to the server. Contact...
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery
Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinfilemanagerwordpressplugin.html Abstract: A Cross-Site Request Forgery (CSRF) vulnerability was found in the File Manager WordPress Plugin. Among others, this issue...