708 matches found
PT-2024-5678 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS (affected versions not specified). Description: The issue exists due to a lack of protection for the web page structure in the filemanager module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScript...
BIT-OPENCART-2024-21516
This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The...
Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompte...
CVE-2024-21516
This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The...
PT-2024-18929 · Opencart · Opencart
Name of the Vulnerable Software and Affected Versions: opencart/opencart versions 4.0.0.0 through 4.1.0.0. Description: A reflected XSS issue was identified in the directory parameter of the admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click ...
ZwiiCMS 12.2.04 - Remote Code Execution (Authenticated)
Exploit Title: ZwiiCMS 12.2.04 Remote Code Execution (Authenticated). Date: 03/06/2023. Exploit Author: Hadi Mene. Vendor Homepage: https://zwiicms.fr/. Version: 12.2.04 and potentially lower versions. Tested on: Linux. CVE: CVE-2020-10567. Category: webapps. ZwiiCMS 12.2.04 uses "Responsive FileManager"...
Remote Code Execution (RCE)
Overview: unisharp/laravel-filemanager is a file upload/editor intended for use with Laravel 5 to 6 and CKEditor / TinyMCE. Affected versions of this package are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. Th...
Pyradm - Python Remote Administration Tool Via Telegram
Remote administration cross-platform tool via Telegram. Coded with ❤️ python3 + aiogram3. https://t.me/ptsoft v0.3 X Screenshot from target X Crossplatform X Upload/Download X Fully compatible shell X Process list X Webcam video record or screenshot X Geolocation X Filemanager X Microphone X...
Rich Filemanager Detection (HTTP)
HTTP based detection of Rich Filemanager. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.151895...
BIT-LIMESURVEY-2020-11455
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php...
CVE-2024-2055
The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user...
Design/Logic Flaw
The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user...
CVE-2024-2055
The Artica Proxy vulnerability CVE-2024-2055 involves the Rich Filemanager feature. When enabled, it does not require authentication and runs as root, exposing an unauthenticated web interface on port 5000/tcp. An attacker can gain complete filesystem access and could modify critical files (e.g.,...
Artica Proxy Unauthenticated File Manager Vulnerability
Vulnerability Details. Affected Vendor: Artica. Affected Product: Artica Proxy. Affected Version: 4.40 and 4.50. Platform: Debian 10 LTS. CWE Classification: CWE-288: Authentication Bypass Using an Alternate Path or Channel, CWE-552: Files or Directories Accessible to External Parties. CVE ID:...
Artica Proxy Security Vulnerability
Artica Proxy is an open source Artica proxy solution from the Spanish company Artica. A security vulnerability exists in Artica Proxy that stems from the Rich Filemanager feature being enabled to run as root user without authentication by default...
PT-2024-18680 · Unknown · Artica Proxy
Name of the Vulnerable Software and Affected Versions: Artica Proxy (affected versions not specified). Description: The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by...
CVE-2018-25094
CVE-2018-25094 affects the Online Accounting System (versions up to 1.4.0). The vulnerability lies in ckeditor/filemanager/browser/default/image.php where manipulating the fid argument (input like ../../../etc/passwd) yields a path traversal (../filedir). The exploit has been disclosed publicly. ...
Online Accounting System Security Vulnerability
Online Accounting System is an online accounting system by 59160781 Individual Developer. A security vulnerability exists in Online Accounting System version 1.4.0 and earlier, which stems from a path traversal caused by the parameter fid in the file ckeditor/filemanager/browser/default/image.php...
OroPlatform vulnerable to path traversal during temporary file manipulations
Impact: Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. The file will be deleted...