708 matches found
CVE-2018-20790
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths0 path traversal mitigation bypass through the deletefile action in execute.php...
CVE-2018-20789
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths0 path traversal mitigation bypass through the deletefolder action in execute.php...
Path traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths0 path traversal mitigation bypass through the deletefolder action in execute.php...
CVE-2018-20795
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copycut action in ajaxcalls.php and the pasteclipboard action in execute.php...
Path traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the getfile action in ajaxcalls.php...
CVE-2018-20793
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths0 path traversal mitigation bypass, through the createfile action in execute.php...
CVE-2018-20790
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths0 path traversal mitigation bypass through the deletefile action in execute.php...
CVE-2018-20795
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copycut action in ajaxcalls.php and the pasteclipboard action in execute.php...
CVE-2018-20792
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the getfile action in ajaxcalls.php...
CVE-2018-20794
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file jpg/jpeg/png via path traversal with the path parameter, through the saveimg action in ajaxcalls.php...
CVE-2018-20794
CVE-2018-20794 affects tecrail Responsive FileManager (version 9.13.4). The flaw is a path traversal in the save_img action of ajax_calls.php, enabling remote attackers to write to arbitrary image files (jpg/jpeg/png). The issue originates from how the path parameter is handled, allowing modifica...
CVE-2018-20790
The CVE-2018-20790 entry affects tecrail Responsive FileManager 9.13.4. A path traversal vulnerability exists in the delete_file action within execute.php, where a paths[0] traversal mitigation can be bypassed, enabling remote attackers to delete arbitrary files. This is initiated via the delete_...
CVE-2018-20795
CVE-2018-20795 affects tecrail Responsive FileManager 9.13.4. The vulnerability is a path traversal in file access that lets remote attackers read arbitrary files via a path parameter. Specifically, the issue is triggered through the copy_cut action in ajax_calls.php and the paste_clipboard actio...
CVE-2018-20793
The CVE-2018-20793 entry concerns tecrail Responsive FileManager version 9.13.4. A path traversal mitigation bypass in the create_file action of execute.php allows remote attackers to write arbitrary files, due to improper handling of paths[0]. This is a remote, unauthenticated vulnerability with...
CVE-2018-20790
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths0 path traversal mitigation bypass through the deletefile action in execute.php...
CVE-2018-20791
CVE-2018-20791 affects tecrail Responsive FileManager 9.13.4. The issue is an XSS via a media file upload, caused by mishandling of the media_preview action, allowing an attacker to inject script/HTML through the filename. Connected sources confirm the product/version and the vulnerability class;...
CVE-2018-20792
tecrail Responsive FileManager 9.13.4 contains a path traversal vulnerability in ajax_calls.php (get_file action). Insufficient sanitization of directory traversal characters allows remote attackers to read arbitrary files. The issue is documented across multiple sources (NVD/CVE entries and vend...
CVE-2018-20795
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copycut action in ajaxcalls.php and the pasteclipboard action in execute.php...
CVE-2018-20789
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths0 path traversal mitigation bypass through the deletefolder action in execute.php...
CVE-2018-20789
Product : tecrail Responsive FileManager 9.13.4. Vulnerability : path traversal mitigation bypass in the delete_folder action of execute.php, allowing a remote attacker to delete an arbitrary directory. Root cause : bypasses a path traversal check. Impact : arbitrary directory deletion as stated....