3137 matches found
CVE-2024-9669 File Manager Pro – Filester <= 1.8.5 - Authenticated (Administrator+) Local JavaScript File Inclusion
The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fmlocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...
CVE-2024-9669
The CVE-2024-9669 entry describes a Local JavaScript File Inclusion vulnerability in the WordPress File Manager Pro – Filester plugin (versions
CVE-2024-8066 File Manager Pro – Filester <= 1.8.6 - Authenticated (Subscriber+) Arbitrary File Upload
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted...
CVE-2024-8066
CVE-2024-8066 affects File Manager Pro – Filester plugin for WordPress (all versions up to and including 1.8.6). The vulnerability stems from missing validation in the fsConnector function, enabling authenticated users with Subscriber-level access (and with permissions granted by an Administrator...
PT-2024-38782 · WordPress · File Manager Pro – Filester
Name of the Vulnerable Software and Affected Versions: File Manager Pro – Filester plugin for WordPress versions up to, and including, 1.8.6 Description: The issue is related to arbitrary file uploads due to missing validation in the fsConnector function. This allows authenticated attackers with...
WordPress plugin File Manager Pro – Filester Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin.... A code issue vulnerability exist...
WordPress plugin File Manager Pro – Filester Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A path traversal...
WordPress File Manager Pro – Filester plugin <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin File Manager Pro versions <= 1.8.4...
WordPress File Manager Pro Plugin <= 1.8.4 is vulnerable to Arbitrary File Upload
Software: File Manager Pro; Type: Plugin; Vulnerable versions: <= 1.8.4; Fixed in: 1.8.5; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-8066; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 0f4641bb0b51; Credits: TANG Cheuk Hei siunam; Required privileg...
The vulnerability of the Adobe Bridge file manager, related to reading data beyond the buffer in memory, allows an attacker to disclose protected information.
The vulnerability of the Adobe Bridge file manager is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the Adobe Bridge file manager, related to integer overflow, allows an attacker to execute arbitrary code.
The vulnerability of the Adobe Bridge file manager is related to a potential integer overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Adobe Bridge file manager, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Bridge file manager is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
PT-2024-16828 · Eyoucms · Eyoucms
Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.51 Description: A critical issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated...
EyouCMS Path Traversal Vulnerability
EyouCMS is an open source content management system (CMS) based on ThinkPHP by China Eyou Eyou Company. A path traversal vulnerability exists in EyouCMS version 1.51, which originates from a path traversal issue in the activepath parameter of the editFile function on the...
The vulnerability of the Adobe Bridge file manager, related to reading beyond the buffer in memory, allows an attacker to access confidential information.
The vulnerability of the Adobe Bridge file manager is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to access confidential information through a specially created file...
The vulnerability of the Adobe Bridge file manager arises from overflowing buffers in dynamic memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Adobe Bridge file manager arises due to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...
CVE-2024-51485
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change...
CVE-2024-51485 Insufficient Validation in Plugins (Activation/Deactivation) in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change...