277 matches found
Cross site scripting
OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result...
CVE-2018-13980
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal...
Directory traversal
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal...
CVE-2018-13980
CVE-2018-13980 affects Zeta Producer Desktop CMS <14.2.1. The vulnerability is Local File Inclusion via the filebrowser plugin, exploiting assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. Resulting impact is unauthenticated local file disclosure on websites built with ...
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution Local File Disclosure
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution Local File Disclosure SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote Code Execution & Local File Disclosure product: Zeta Producer Desktop CMS vulnerable...
Zeta Producer Desktop CMS 14.2.0 Code Execution / File Disclosure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote Code Execution & Local File Disclosure product: Zeta Producer Desktop CMS vulnerable version: =14.2.1 CVE number: CVE-2018-13981, CVE-2018-13980 impact: critical...
Unauthorized Modification
The filebrowser-safe library is vulnerable to unauthorized modification attacks. filebrowser-safe has a directory traversal issue which allows an authenticated administrative level user to rename or delete files under the static directory, above the filebrowser uploads directory. This level of...
Cross site request forgery (csrf)
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into...
CVE-2017-1000147
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into...
CVE-2017-1000147
CVE-2017-1000147 affects Mahara 1.9 before 1.9.8, 1.10 before 1.10.6, and 15.04 before 15.04.3. It enables a CSRF on the uploader in Mahara’s filebrowser widget, allowing an attacker to trick a user into uploading malicious files to their Mahara account. The provided documents do not specify a pa...
Mezzanine 4.1.0 Cross Site Scripting
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-XSS.txt Vendor: =================== mezzanine.jupo.org Product: ================ Mezzanine 4.1.0 Mezzanine is an open source CMS built using the python based Django framework...
Mezzanine 4.1.0 Arbitrary File Upload
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-ARBITRARY-FILE-UPLOAD.txt Vendor: =================== mezzanine.jupo.org Product: ================ Mezzanine 4.1.0 Mezzanine is an open source CMS built using the python based...
CMSimple 4.4.4 - Remote File Inclusion
CMSimple 4.4.4 - Remote File Inclusion source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security...
CMSimple 4.4, 4.4.2 - Remote File Inclusion
No description provided by source. ============================================================================================================= o CMSimple - Open Source CMS with no database = Remote File Inclusion Vulnerability Software : CMSimple - Open Source CMS with no database Version : 4.4...
CMSimple 4.44.4.2 - Remote File Inclusion
CMSimple 4.44.4.2 - Remote File Inclusion ============================================================================================================= o CMSimple - Open Source CMS with no database = Remote File Inclusion Vulnerability Software : CMSimple - Open Source CMS with no database Versio...
Synology DiskStation Manager < 4.3-3810 Update 3 Multiple FileBrowser Component Directory Traversal Vulnerabilities
According to its version number, the Synology DiskStation Manager installed on the remote host is 4.3-x equal or prior to 4.3-3810. It is, therefore, affected by multiple directory traversal vulnerabilities in the FileBrowser component. The issue exists due to improper validation of values...
CVE-2013-6987
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to filedelete.cgi or (2) folderpath parameter to...