CVE-2024-51489 Insufficient Message Token Validation in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messag...
QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns
Introduction: In 2021, we began to investigate an attack on the telecom industry in South Asia. During the investigation, we discovered QSC: a multi-plugin malware framework that loads and runs plugin modules in memory. The framework includes a Loader, a Core module, a Network module, a Command...
CVE-2024-37254
Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects File Manager: from n/a through 7.2.7...
CVE-2024-37254 WordPress WP File Manager plugin <= 7.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects File Manager: from n/a through 7.2.7...
CVE-2024-37254
CVE-2024-37254 is a confirmed Missing Authorization vulnerability in the WordPress WP File Manager plugin (wp-file-manager), affecting versions up to and including 7.2.7. The issue involves incorrectly configured access control (Broken Access Control), which can permit unauthorized actions on the...
WordPress plugin File Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
VulnCheck KEV: CVE-2024-51568
CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters...
CVE-2024-51568
CyberPanel before 2.3.5 is affected by a critical, unauthenticated RCE via command injection in the file upload path. Specifically, CVE-2024-51568 exploits the completePath parameter in the ProcessUtilities.outputExecutioner() sink, enabling remote code execution through /filemanager/upload...
CVE-2024-51568
CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters...
CVE-2016-15042 Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 - Arbitrary File Upload
The Frontend File Manager (versions < 4.0) and N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible for unauthenticated...
CVE-2024-8507
The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mkfilefoldermanager' ajax action. This makes it possible for unauthenticated attackers to upload arbitrar...
CVE-2024-8746
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mkfilefoldermanagershortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if grant...
CVE-2024-8918
The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, ...
CVE-2018-25105
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary file...
CVE-2024-8507 File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload
The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mkfilefoldermanager' ajax action. This makes it possible for unauthenticated attackers to upload arbitrar...