724 matches found

OSV
added 2019/07/03 4:15 p.m., 11 views

CVE-2019-10717

BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter...

7.1 CVSS, 6.8 AI score
Exploits 0, References 3

Prion
added 2019/07/03 4:15 p.m., 16 views

Directory traversal

BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter...

5.5 CVSS, 6.9 AI score, 0.11789 EPSS
Exploits 5, References 3, Affected Software 1

Cvelist
added 2019/05/21 5:29 p.m., 13 views

CVE-2019-12190

XSS was discovered in CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fmcurrentdir or filename parameter...

5.3 AI score, 0.00206 EPSS
Exploits 1, References 1

OSV
added 2019/04/30 7:29 p.m., 1 view

CVE-2019-11193

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMDFILEMANAGER, CMDSHOWUSER, and CMDSHOWRESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...

6.1 CVSS, 5.8 AI score
Exploits 0, References 3

NVD
added 2019/04/30 7:29 p.m., 9 views

CVE-2019-11193

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMDFILEMANAGER, CMDSHOWUSER, and CMDSHOWRESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...

6.8 CVSS, 8.5 AI score, 0.01231 EPSS
Exploits 5, References 3

Cvelist
added 2019/04/30 6:36 p.m., 11 views

CVE-2019-11193

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMDFILEMANAGER, CMDSHOWUSER, and CMDSHOWRESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...

8.6 AI score, 0.01231 EPSS
Exploits 5, References 3

Positive Technologies
added 2019/04/30 12:0 a.m., 3 views

PT-2019-12174

Name of the Vulnerable Software and Affected Versions: InfinitumIT DirectAdmin versions prior to v1.561. Description: The issue concerns the FileManager in InfinitumIT DirectAdmin, where an attacker can exploit XSS via CMD FILE MANAGER, CMD SHOW USER, and CMD SHOW RESELLER. This allows the attacker ...

6.8 CVSS, 6.3 AI score, 0.01231 EPSS
Exploits 5, References 6

CNVD
added 2019/03/08 12:0 a.m., 2 views

Bolt Arbitrary PHP Code Execution Vulnerability

Bolt is a simple CMS written in PHP. An arbitrary PHP code execution vulnerability exists in Controller/Async/FilesystemManager.php in filemanager in versions prior to Bolt 3.6.5. A remote attacker can execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension...

8.8 CVSS, 9.1 AI score, 0.01035 EPSS
Exploits 1, References 1

NVD
added 2019/03/07 11:29 p.m., 14 views

CVE-2019-9185

Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension...

8.8 CVSS, 9 AI score, 0.01035 EPSS
Exploits 1, References 4

OSV
added 2019/03/07 11:29 p.m., 15 views

CVE-2019-9185

Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension...

8.8 CVSS, 7.8 AI score
Exploits 0, References 4

Cvelist
added 2019/03/07 10:0 p.m., 14 views

CVE-2019-9185

Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension...

9 AI score, 0.01035 EPSS
Exploits 1, References 4

CVE
added 2019/03/07 10:0 p.m., 155 views

CVE-2019-9185

Bolt CMS prior to 3.6.5 is affected by a vulnerability in the filemanager’s Controller/Async/FilesystemManager.php that allows remote code execution by renaming a previously uploaded file to have a .php extension. Public references indicate the fix was released in Bolt 3.6.5 (see Bolt v3.6.5 rele...

8.8 CVSS, 8.9 AI score, 0.01035 EPSS
Exploits 1, References 4, Affected Software 1

Prion
added 2019/02/25 6:29 a.m., 15 views

Default credentials

tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the mediapreview action...

4.3 CVSS, 5.9 AI score, 0.00328 EPSS
Exploits 1, References 1, Affected Software 1

NVD
added 2019/02/25 6:29 a.m., 8 views

CVE-2018-20793

tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths0 path traversal mitigation bypass, through the createfile action in execute.php...

7.5 CVSS, 7.6 AI score, 0.01378 EPSS
Exploits 1, References 1

OSV
added 2019/02/25 6:29 a.m., 13 views

CVE-2018-20791

tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the mediapreview action...

6.1 CVSS, 5.8 AI score
Exploits 0, References 1

NVD
added 2019/02/25 6:29 a.m., 7 views

CVE-2018-20790

tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths0 path traversal mitigation bypass through the deletefile action in execute.php...

7.5 CVSS, 7.6 AI score, 0.00634 EPSS
Exploits 1, References 1

OSV
added 2019/02/25 6:29 a.m., 14 views

CVE-2018-20792

tecrail Responsive FileManager 9.13.4 allows remote attackers to read an arbitrary file via path traversal with the path parameter, through the getfile action in ajaxcalls.php...

7.5 CVSS, 7 AI score
Exploits 0, References 1

Prion
added 2019/02/25 6:29 a.m., 18 views

Path traversal

tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths0 path traversal mitigation bypass through the deletefolder action in execute.php...

6.4 CVSS, 7.6 AI score, 0.00634 EPSS
Exploits 1, References 1, Affected Software 1

OSV
added 2019/02/25 6:29 a.m., 13 views

CVE-2018-20789

tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths0 path traversal mitigation bypass through the deletefolder action in execute.php...

7.5 CVSS, 7.1 AI score
Exploits 0, References 1

NVD
added 2019/02/25 6:29 a.m., 15 views

CVE-2018-20795

tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copycut action in ajaxcalls.php and the pasteclipboard action in execute.php...

7.5 CVSS, 7.5 AI score, 0.00938 EPSS
Exploits 1, References 1