513 matches found
PT-2026-7168
Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.57.1 Description File Browser offers a file management interface for tasks like uploading, deleting, previewing, renaming, and editing files within a designated directory. Before version 2.57.1, an authenticate...
SUSE CVE-2026-23849
File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth. Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...
GO-2026-4344 File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser...
PT-2026-6513
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser...
CVE-2020-36973
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...
CVE-2020-36973
PDW File Browser 1.3 is affected by a remote code execution vulnerability that lets authenticated users upload and rename webshell files to arbitrary web server locations. An attacker can upload a .txt webshell, rename it to .php, and move it into accessible directories using double-encoded path ...
CVE-2020-36973 PDW File Browser 1.3 - Remote Code Execution
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...
CVE-2020-36988
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...
CVE-2020-36988
PDW File Browser
CVE-2020-36988 PDW File Browser <= v1.3 - Cross-Site Scripting (XSS)
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...
CVE-2020-36988
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...
CVE-2020-36988 PDW File Browser <= v1.3 - Cross-Site Scripting (XSS)
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...
PT-2026-5114
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...
PDW-File-Browser security vulnerability
PDW-File-Browser is a file browser developed by Michal Charemza. Version 1.3 of PDW-File-Browser has a security vulnerability; this vulnerability stems from the ability to upload and rename webshell files, which may lead to remote code execution...
Exploit for Cross-site Scripting in Iptanus Wordpress_File_Upload
CVE-2024-6651 POC XSS - CVE-2024-6651 PoC funcional para l...
EUVD-2026-3287
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login...
CVE-2026-23849
File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth. Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...
CVE-2026-23849
CVE-2026-23849 – File Browser (github.com/filebrowser/filebrowser) shows a timing-based username enumeration flaw in the /api/login flow. The JSONAuth.Auth logic short-circuits when a user is not found, returning quickly, while a valid user triggers bcrypt password verification (users.CheckPwd) w...
CVE-2026-23849 File Browser vulnerable to Username Enumeration via Timing Attack in /api/login
File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth. Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...
CVE-2026-23849 File Browser vulnerable to Username Enumeration via Timing Attack in /api/login
File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth. Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...