724 matches found
Responsive Filemanager Authentication Bypass Vulnerability
Responsive FileManager is an open source file manager written in PHP that supports uploading and managing videos, images and other files. An authentication bypass vulnerability exists in Responsive Filemanager version 9.8.1 that allows an attacker to access the file management interface, which...
Responsive Filemanager 9.8.1 Authentication Bypass
I. VULNERABILITY ------------------------- Responsive Filemanager 9.8.1 Authentication Bypass II. CVE REFERENCE ------------------------- CVE-2018-18061 III. VENDOR ------------------------- https://www.responsivefilemanager.com IV. REFERENCES -------------------------...
Responsive Filemanager 9.8.1 Cross Site Scripting
I. VULNERABILITY ------------------------- Responsive Filemanager 9.8.1 Reflected Cross Site Scripting XSS II. CVE REFERENCE ------------------------- CVE-2018-18062 III. VENDOR ------------------------- https://www.responsivefilemanager.com IV. REFERENCES -------------------------...
Responsive FileManager < 9.13.4 - Directory Traversal
Exploit for php platform in category web applications The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following...
tecrail Responsive FileManager Path Traversal Vulnerability
tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail that supports the uploading and management of videos, images and other files. A directory traversal vulnerability exists in the /filemanager/ajaxcalls.php file in versions of tecrail...
tecrail Responsive FileManager Arbitrary File Overwrite Vulnerability
tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail that supports the uploading and management of videos, images and other files. An arbitrary file overwrite vulnerability exists in the /filemanager/ajaxcalls.php file in versions of tecrail...
Responsive FileManager 9.13.4 - Directory Traversal
Responsive FileManager 9.13.4 - Directory Traversal The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following reque...
CVE-2018-15536
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...
CVE-2018-15536
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...
CVE-2018-15535
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...
CVE-2018-15535
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...
Directory traversal
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...
Directory traversal
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...
CVE-2018-15535
The CVE-2018-15535 issue affects tecrail Responsive FileManager prior to 9.13.4. An attacker can abuse filemanager/ajax_calls.php to construct a file path using external input and insufficient neutralization of “..” sequences, enabling Directory Traversal/Local File Inclusion. Impact described ac...
CVE-2018-15536
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...
CVE-2018-15536
CVE-2018-15536 affects tecrail Responsive FileManager prior to 9.13.4. The /filemanager/ajax_calls.php file does not properly validate file paths in archives, permitting a crafted archive extraction that overwrites arbitrary files (directory traversal). Public disclosures and exploits reference p...
CVE-2018-15535
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...
Responsive FileManager 9.13.4 Path Traversal
The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following request allows a user to read any file on the system. GET...
CVE-2018-15495
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curlexec call, as demonstrated by a file:///etc/passwd value...
CVE-2018-15495
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curlexec call, as demonstrated by a file:///etc/passwd value...