235 matches found
WordPress Frontend File Manager plugin <= 21.2 - Unauthenticated File Renaming vulnerability
Unauthenticated File Renaming vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Frontend File Manager plugin versions = 21.2. Solution Update the WordPress Frontend File Manager plugin to the latest available version at least 21.3...
GHSA-M76J-69C2-C3M8 TYPO3 vulnerable to remote authenticated arbitrary code execution
The File Abstraction Layer FAL in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250...
Design/Logic Flaw
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...
The vulnerability of the CmActLicense component in the CodeMeter license management application allows a violator to rename any files at will.
The vulnerability of the CmActLicense component in the CodeMeter license management application is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to rename arbitrary files remotely...
LearnPress < 4.1.5 - Arbitrary Image Renaming
Users of the plugin can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request,...
Mcafee McAfee Application and Change Control 安全漏洞
Mcafee McAfee Application and Change Control MACC is a security threat monitoring system from McAfee, Inc. A security vulnerability exists in McAfee Application and Change Control, which can be exploited by an attacker to run code by renaming a file to exploit a vulnerability in McAfee Applicatio...
CVE-2021-24816 Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...
WordPress 插件访问控制错误漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. access control error vulnerability in Wordpress...
WordPress Phoenix Media Rename plugin <= 3.4.2 - Arbitrary Media File Renaming vulnerability
Arbitrary Media File Renaming vulnerability discovered by apple502j in WordPress Phoenix Media Rename plugin versions = 3.4.2. Solution Update the WordPress Phoenix Media Rename plugin to the latest available version at least 3.4.4...
Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
The plugin does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. PoC As an Author, go to the page to edit one of your own Media ie /wp-admin/post.php?post=1993=edit, whic...
Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
The plugin does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. As an Author, go to the page to edit one of your own Media ie /wp-admin/post.php?post=1993&action=edit,...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
✍️ Description Attacker able to rename any file with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description Attacker is able to rename any file on the server if logged in user visits attacker website. 🕵️♂️ Proof of Concept Create a test.txt file under /home/user when you logged in open this POC.html in a browser you can check test.txt renames to test.php. //PoC.html history.pushState'',...
Advisory ROSA-SA-2021-1809
Software: bolt 0.7 OS: Cobalt 7.9 CVE-ID: CVE-2015-7309 CVE-Crit: HIGH CVE-DESC: The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, allowing remote authenticated users to execute arbitrary code by renaming a created file and then directly accessing it...
FusionPBX Path Traversal Vulnerability (CNVD-2021-36592)
FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. FusionPBX 4.5.7 suffers from a path traversal vulnerability that originates from a maliciou...
CVE-2020-21055
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the 1 folder, 2 filename, and 3 newfilename variables in app\edit\filerename.php...
CVE-2020-21055
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the 1 folder, 2 filename, and 3 newfilename variables in app\edit\filerename.php...
CVE-2020-21055
CVE-2020-21055 is a path traversal vulnerability affecting FusionPBX 4.5.7. An attacker can rename any file on the system through the parameters (1) folder, (2) filename, and (3) newfilename in app\edit\filerename.php. The entry provides CVSS v3.1 base metrics: 6.5 (Impact: High integrity, Privil...
Trojan.Win32.Agentb.iofv Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d4ac133a9df0c627f899bb6039d04215.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Agentb.iofv Vulnerability: Insecure Permissions Description: Agentb.iofv creates an...
Dolibarr ERP 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)
Exploit Title: Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass Authenticated RCE Date: 16/06/2020 Exploit Author: Andrea Gonzalez Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr/dolibarr Version: Prior to 11.0.5 Tested on: Debian 9.12 CVE :...