3118 matches found
CVE-2007-3049
CVE-2007-3049 : In Buttercup Web File Manager (BWFM), the vulnerability is an XSS in index.php via the title parameter. The root cause is lack of input sanitization on the title field, allowing remote attackers to inject arbitrary web script/HTML. According to the NVD entry, the impact is partial...
Buttercup WFM - 'Title' Cross-Site Scripting
source: https://www.securityfocus.com/bid/24269/info Buttercup WFM Web File Manager is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
WEBInsta FM 0.1.4 - 'login.php' absolute_path Remote File Inclusion
#!/usr/bin/perl INFO: Program Title: WebInsta FM = 0.1.4 Remote File Inclusion Vulnerability. Description: This is a basic file manager written by WebInsta.com. Vuln Code In...
WEBInsta FM 0.1.4 login.php absolute_path Remote File Inclusion Exploit
No description provided by source. #!/usr/bin/perl INFO: Program Title: WebInsta FM = 0.1.4 Remote Fi...
WEBInsta FM 0.1.4 login.php absolute_path Remote File Inclusion Exploit
Exploit for unknown platform in category web applications. WEBInsta FM 0.1.4 login.php absolute_path Remote File Inclusion Exploit. #!/usr/bin/perl ...
Expow 0.8 File manager Autoindex.php (cfg_file) Remote File Inclusion Vulnerability
Expow 0.8 File manager Autoindex.php cfg_file Remote File Inclusion Vulnerability found by : mdx. Download script : http://sourceforge.net/project/downloading.php?groupid=29595&usemirror=kent&filename=expow-0.8.tar.gz&929272...
Expow 0.8 - autoindex.php?cfg_file Remote File Inclusion
Expow 0.8 - autoindex.php?cfg_file Remote File Inclusion. Expow 0.8 File manager Autoindex.php cfg_file Remote File Inclusion Vulnerability found by : mdx. Download script :...
CVE-2007-0252
Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors...
CVE-2006-6376
Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the...
CVE-2006-6376
The CVE-2006-6376 entry refers to multiple directory traversal vulnerabilities in Simple File Manager (SFM) 0.24a, specifically in the fm.php component. The underlying issue allows an attacker to manipulate .. directory traversals to (1) read arbitrary files via the filename parameter in a downlo...
EUVD-2006-6359
Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the...
Simple File Manager 0.24a Multiple Remote Vulnerabilities
No description provided by source. flame vrs Simple File Manager =0.24= http://onedotoh.sourceforge.net/ Various Vulnerabilities Including: Using the scripts supplied by the webapp: Reading of Arbitrary files, Deletion of...
CVE-2006-6256
Cross-site scripting (XSS) vulnerability in the file manager in admin/bro_main.php in AlternC 0.9.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a folder name...
CVE-2006-6257
The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message...
CVE-2006-6256
CVE-2006-6256 concerns a Cross-site Scripting (XSS) vulnerability in the file manager (admin/bro_main.php) of AlternC 0.9.5 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via a folder name. Affected software is AlternC, up to version 0.9.5 (older). The connec...
CVE-2006-6257
The CVE-2006-6257 issue affects AlternC 0.9.5 and earlier, where PHP warning messages disclose sensitive path information when folder names include JavaScript-like strings. The root cause is information leakage via warning output, enabling remote attackers to learn partial path details. Impact is...