3118 matches found
WordPress plugin Advanced File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress Advanced File Manager plugin that stems from a lack of authorization and can be exploited by an attacker to modify...
OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal
Exploit Title: OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macO...
Webmin < 2.101 Multiple Vulnerabilities
According to its self-reported version, the Webmin install hosted on the remote host is prior to 2.101. It is, therefore, affected by multiple vulnerabilities: - A Reflected Cross-Site Scripting XSS vulnerability exists in the File Manager function. - A Cross-Site Scripting XSS vulnerability exis...
CmsMadeSimple Authenticated File Manager RCE
CMS Made Simple use exploit/multi/http/cmsmsfilemanagerauthrce msf exploitcmsmsfilemanagerauthrce show targets ...targets... msf exploitcmsmsfilemanagerauthrce set TARGET msf exploitcmsmsfilemanagerauthrce show options ...show and set options... msf exploitcmsmsfilemanagerauthrce exploit This...
Directory Traversal
Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal via the LocalFileManager.cleanup function, by crafting a malicious glob-pattern that is not verified to be within the directory managed by...
CVE-2024-6851 Arbitrary File Deletion in aimhubio/aim
In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...
WordPress Bit File Manager 6.5.5 Race Condition / Code Injection
WordPress Bit File Manager plugin version 6.5.5 proof of concept race condition exploit that achieves remote code execution. ============================================================================================================================================= | Title : WordPress Bit File...
CVE-2024-13805
The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-13805 Advanced File Manager <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-13805 Advanced File Manager <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping. This makes it...
WordPress plugin Advanced File Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress Advanced File Manager plugin <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Duc Manh in WordPress Plugin Advanced File Manager versions = 5.2.14...
CVE-2024-12276
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter...
FileRise
FileRise !GitHub starshttps://img.shields.io/github/stars...
WordPress File Manager Plugin < 7.2.2 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...
CVE-2023-46694
Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality...
CVE-2024-33469
An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java...
CVE-2024-33469
An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java...
CVE-2024-33469
The CVE concerns Amaze File Manager v3.8.5, with a fix in v3.10, where a local attacker can execute arbitrary code via the onCreate method of DatabaseViewerActivity.java. This is a local code-execution flaw in a UI component, enabling arbitrary code execution under local privileges. The descripti...
CVE-2024-33469
An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java...