708 matches found
CVE-2017-14921
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...
Cross site scripting
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...
CVE-2017-14921
CVE-2017-14921 is a stored XSS in the Filemanager component of Tine 2.0 Community Edition prior to 2017.08.4. An authenticated user can inject JavaScript via an IMG element in the Filename field, which is rendered by the admin/viewer context and by other users, enabling script execution. The vuln...
Remote Command Execution (RCE)
Codiad is vulnerable to remote code execution (RCE) attacks. A malicious user can embed shell commands in parameter values sent to components/filemanager/class.filemanager.php and execute them...
CVE-2017-11366
components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by searchfiletype...
Design/Logic Flaw
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php...
CVE-2017-11404
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php...
Arbitrary File Upload Vulnerability in Pixie CMS Backend
Pixie CMS is a full-featured and easy-to-use website builder. An arbitrary file upload vulnerability exists in the Pixie CMS backend modfilemanager.php file $multiupload-extensions. An attacker can use this vulnerability to upload arbitrary files and execute arbitrary code...
Design/Logic Flaw
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg...
Picosafe Web Gui - Multiple Vulnerabilities
Exploit for php platform in category web applications - Title : Picosafe Web Gui - Multiple Vulnerabilities - Author : Shahab Shamsi - Vendor : https://github.com/embeddedprojects/picosafewebgui - Category : Webapps - Date : 01.October.2016 Vulnerable page :...
Picosafe Web GUI - Multiple Vulnerabilities
Title : Picosafe Web Gui - Multiple Vulnerabilities - Author : Shahab Shamsi - Vendor : https://github.com/embeddedprojects/picosafewebgui - Category : Webapps - Date : 01.October.2016 Vulnerable page : picosafewebgui/webinterface/js/filemanager/filemanager.php ========================== | Remote...
Kaspersky FileManager Cross Site Scripting
Document Title: =============== Kaspersky Company Account - FileManager Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1924 Release Date: ============= 2016-08-30 Vulnerability Laboratory ID VL-ID: ==================================== 1924...
Kaspersky Company Account - FileManager Vulnerability
Document Title: =============== Kaspersky Company Account - FileManager Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1924 Video: https://www.vulnerability-lab.com/getcontent.php?id=1976 Release Date: ============= 2016-08-30 Vulnerabili...
Kaspersky Company Account - FileManager Vulnerability
Document Title: =============== Kaspersky Company Account - FileManager Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1924 Video: https://www.vulnerability-lab.com/getcontent.php?id=1976 Release Date: ============= 2016-08-29 Vulnerabili...
DornCMS 1.4 FileManager Cross Site Scripting
Document Title: =============== DornCMS v1.4 - FileManager Persistent Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1885 Release Date: ============= 2016-07-26 Vulnerability Laboratory ID VL-ID:...
KNOX 2.3 Clipboard Data Disclosure
Subject: CVE-2016-3996 KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android Vulnerability Description ========================= The vulnerability allows disclosure of Clipboard data of Samsung KNOX 1.0 and 2.3 containers. On KNOX-enabled devices there exists a proprietary service called...
SIMOGEO FileManager 2.3.0 Path Traversal
Exploit Title: SIMOGEO FileManager 2.3.0 - Path Traversal Vulnerability Date: 2015-12-09 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: https://github.com/simogeo/Filemanager Software Link: git clone http://github.com/simogeo/Filemanager.git Version: 2.3.0...