DevExpress ASPxFileManager 10.2 < 13.2.8 - Directory Traversal

Advisory: Directory Traversal in DevExpress ASP.NET File Manager During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and File Upload. Attackers are able to read arbitrary files by specifying a relative path. Details =====...

DevExpress ASP.NET File Manager 13.2.8 Directory Traversal

Advisory: Directory Traversal in DevExpress ASP.NET File Manager During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and File Upload. Attackers are able to read arbitrary files by specifying a relative path. Details =====...

Dotclear Media Manager Authenticated Arbitrary File Upload Exploit

This is a Metasploit modules that leverages an authenticated arbitrary file upload vulnerability in Dotclear versions 2.6.2 and below. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3...

SEC Consult SA-20140402-0 :: Multiple vulnerabilities in Rhythm File Manager

SEC Consult Vulnerability Lab Security Advisory 20140402-0 ======================================================================= title: Multiple vulnerabilities product: Rhythm Software File Manager Rhythm Software File Manager HD vulnerable version: File Manager 1.16.6 File Manager HD 1.11.5...

Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities

Document Title: =============== Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1234 Release Date: ============= 2014-03-25 Vulnerability Laboratory ID VL-ID: ==================================== 12...

iStArtApp FileXChange 6.2 iOS - Multiple Vulnerabilities

Document Title: =============== iStArtApp FileXChange v6.2 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1237 Release Date: ============= 2014-03-26 Vulnerability Laboratory ID VL-ID: ====================================...

Easy FileManager 1.1 iOS - Multiple Vulnerabilities

Easy FileManager 1.1 iOS - Multiple Vulnerabilities Document Title: =============== Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1234 Release Date: ============= 2014-03-25 Vulnerability Laborato...

ePhone Disk 1.0.2 LFI / Command Injection / DoS

Document Title: =============== ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1230 Release Date: ============= 2014-03-25 Vulnerability Laboratory ID VL-ID: ==================================== 1230...

Easy FileManager 1.1 Local File Inclusion / Shell Upload

Document Title: =============== Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1234 Release Date: ============= 2014-03-25 Vulnerability Laboratory ID VL-ID: ==================================== 12...

Easy FileManager 1.1 iOS - Multiple Vulnerabilities

Document Title: =============== Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1234 Release Date: ============= 2014-03-25 Vulnerability Laboratory ID VL-ID: ==================================== 12...

ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities

Document Title: =============== ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1230 Release Date: ============= 2014-03-25 Vulnerability Laboratory ID VL-ID: ==================================== 1230...

Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities

Document Title: =============== Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1234 Release Date: ============= 2014-03-25 Vulnerability Laboratory ID VL-ID: ==================================== 12...

Cart Engine 3.0.0 - Remote Code Execution

Cart Engine 3.0.0 - Remote Code Execution Cart Engine 3.0.0 Remote Code Execution Vendor: C97net Product web page: http://www.c97.net Affected version: 3.0.0 Summary: Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping cart based on PHP &...

Debian DSA-2882-1 : extplorer - security update

Multiple cross-site scripting XSS vulnerabilities have been discovered in extplorer, a web file explorer and manager using Ext JS. A remote attacker can inject arbitrary web script or HTML code via a crafted string in the URL to application.js.php, admin.php, copymove.php, functions.php, header.p...

Directory traversal

Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors...

CVE-2014-1970

CVE-2014-1970 targets ES File Explorer on Android. The vulnerability is a directory traversal (CWE-22) in processing file names, enabling a remote, unauthenticated attacker to create or overwrite arbitrary files in directories the app can access. Affected product: ES File Explorer prior to versio...

Debian Security Advisory DSA 2882-1 (extplorer - security update)

Multiple cross-site scripting XSS vulnerabilities have been discovered in extplorer, a web file explorer and manager using Ext JS. A remote attacker can inject arbitrary web script or HTML code via a crafted string in the URL to application.js.php, admin.php, copymove.php, functions.php, header.p...

Ajax File and Image Manager 'search_folder'参数目录遍历漏洞

Bugtraq ID:66071 Ajax File and Image Manager是一款远程文件和图像管理工具。 Ajax File and Image Manager搜索功能不正确处理"searchfolder"参数数据，允许远程利用漏洞提交目录遍历请求，以WEB权限查看敏感文件信息。 0 Ajax File and Image Manager 目前没有详细解决方案提供： http://www.phpletter.com/...

Ajax File Manager Directory Traversal Vulnerability

Exploit for php platform in category web applications Exploit Title: Ajax File Manager DirectoryTraversal Google Dork: inurl: "plugins/ajaxfilemanager" Date: 03/07/2014 Exploit Author: Eduardo Alves edudx9 Vendor Homepage: phpletter.com Software Link: http://phpletter.com/Demo/Ajax-File--Manager/...

Ajax File Manager - Directory Traversal

Ajax File Manager - Directory Traversal Exploit Title: Ajax File Manager DirectoryTraversal Google Dork: inurl: "plugins/ajaxfilemanager" Date: 03/07/2014 Exploit Author: Eduardo Alves edudx9 Vendor Homepage: phpletter.com Software Link: http://phpletter.com/Demo/Ajax-File--Manager/ Version: app...