708 matches found

Cvelist
added 2018/08/24 7:00 p.m. · 10 views

CVE-2018-15535

/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...

7.4 AI score · 0.79061 EPSS
Exploits 5 · References 2

Packet Storm
added 2018/08/23 12:00 a.m. · 44 views

Responsive FileManager 9.13.4 Path Traversal

The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following request allows a user to read any file on the system. GET...

0.1 AI score · 0.79061 EPSS
Exploits 6

OSV
added 2018/08/18 2:29 a.m. · 14 views

CVE-2018-15495

/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value...

7.5 CVSS · 6.8 AI score
Exploits 0 · References 2

NVD
added 2018/08/18 2:29 a.m. · 10 views

CVE-2018-15495

/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value...

7.5 CVSS · 8 AI score · 0.00392 EPSS
Exploits 1 · References 2

CVE
added 2018/08/18 2:00 a.m. · 37 views

CVE-2018-15495

CVE-2018-15495 affects Responsive FileManager prior to 9.13.3. The vulnerability allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, demonstrated by file:///etc/passwd. Several connected records (OSV and related entries) note that a fix existed but ...

7.5 CVSS · 7.8 AI score · 0.00392 EPSS
Exploits 1 · References 2 · Affected Software 1

Packet Storm
added 2018/08/08 12:00 a.m. · 123 views

Responsive File Manager 9.13.1 File Disclosure

Responsive Filemanager v 9.13.1 1 Author: Silton Santos ===== Table of Contents =================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgements References ===== Overview =================================== System affected : Responsive Filemanager...

7.4 AI score
Exploits 0

CNVD
added 2018/08/07 12:00 a.m. · 2 views

Responsive FileManager Cross-Site Request Forgery Vulnerability

Responsive FileManager is an open source file manager written in PHP that supports uploading and managing videos, images and other files. A server-side request forgery vulnerability exists in the upload.php file in version 9.13.1 of Responsive FileManager. No details of the vulnerability are...

9.8 CVSS · 9.4 AI score · 0.90732 EPSS
Exploits 5 · References 1

OSV
added 2018/08/03 6:29 p.m. · 16 views

CVE-2018-14728

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter...

9.8 CVSS · 6.7 AI score
Exploits 0 · References 2

Prion
added 2018/08/03 6:29 p.m. · 7 views

Server side request forgery (ssrf)

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter...

7.5 CVSS · 9.3 AI score · 0.90732 EPSS
Exploits 5 · References 2 · Affected Software 1

Exploit DB
added 2018/07/30 12:00 a.m. · 29 views

Responsive Filemanager 9.13.1 - Server-Side Request Forgery

Exploit Title: Responsive filemanager 9.13.1 - Server-Side Request Forgery Date: 2018-07-29 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: http://responsivefilemanager.com/ Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.1/responsivefilemanager.zip...

9.8 CVSS · 9.8 AI score · 0.90732 EPSS
Exploits 5

exploitpack
added 2018/07/30 12:00 a.m. · 19 views

Responsive Filemanager 9.13.1 - Server-Side Request Forgery

Responsive Filemanager 9.13.1 - Server-Side Request Forgery Exploit Title: Responsive filemanager 9.13.1 - Server-Side Request Forgery Date: 2018-07-29 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: http://responsivefilemanager.com/ Software Link:...

7.5 CVSS · 0.7 AI score · 0.90732 EPSS
Exploits 5

0day.today
added 2018/07/30 12:00 a.m. · 52 views

Responsive Filemanager 9.13.1 Server-Side Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Responsive filemanager - SSRF Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: http://responsivefilemanager.com/ Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.1/responsivefilemanager.zi...

0.6 AI score · 0.90732 EPSS
Exploits 5

Positive Technologies
added 2018/05/07 12:00 a.m. · 2 views

PT-2018-10108 · Cksource +1 · Ckeditor +1

Name of the Vulnerable Software and Affected Versions: Liferay versions 6.2.x and earlier Description: The issue concerns an FCKeditor configuration that may allow an attacker to upload or transfer files of potentially dangerous types. These files can be automatically processed within the product...

8.8 CVSS · 8.8 AI score · 0.00337 EPSS
Exploits 1 · References 4

CVE
added 2018/02/19 7:00 p.m. · 53 views

CVE-2015-2324

CVE-2015-2324 is a Cross-Site Scripting (XSS) vulnerability in the WordPress Photo Gallery plugin’s filemanager, affecting versions before 1.2.13. The issue permits remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors. Exploitation details...

5.4 CVSS · 4.9 AI score · 0.00116 EPSS
Exploits 0 · References 2 · Affected Software 1

Packet Storm
added 2018/02/01 12:00 a.m. · 32 views

Rich FileManager 2.7.0 Cross Site Scripting

Title: Rich FileManager v2.7.0 xss via file uploads Vulnerability | Author: indoushka | Telegram: @indoushka | Tested on: windows 10 Français V.Pro | Vend...

7.1 AI score
Exploits 0

Prion
added 2018/01/03 5:29 p.m. · 12 views

Design/Logic Flaw

Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to...

4 CVSS · 6.4 AI score · 0.00344 EPSS
Exploits 1 · References 1 · Affected Software 1

NVD
added 2018/01/03 5:29 p.m. · 9 views

CVE-2017-1000490

Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to...

6.5 CVSS · 6.5 AI score · 0.00344 EPSS
Exploits 1 · References 1

CVE
added 2018/01/03 5:00 p.m. · 64 views

CVE-2017-1000490

Summary: Mautic 1.0.0–2.11.0 is vulnerable to arbitrary file download via the Filemanager by any authenticated session. The root cause is a flaw in the Filemanager access control that allows a logged-in user to download files the web server user can access. Impact: Confidentiality of arbitrary se...

6.5 CVSS · 6.4 AI score · 0.00344 EPSS
Exploits 1 · References 1 · Affected Software 2

Cvelist
added 2018/01/03 5:00 p.m. · 10 views

CVE-2017-1000490

Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to...

6.4 AI score · 0.00344 EPSS
Exploits 1 · References 1

OSV
added 2017/09/30 1:29 a.m. · 10 views

CVE-2017-14921

Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...

5.4 CVSS · 5.6 AI score
Exploits 0 · References 5