SIMOGEO FileManager 2.3.0 File Upload

Exploit Title: SIMOGEO FileManager 2.3.0 - File Upload Vulnerability Date: 2015-12-09 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: https://github.com/simogeo/Filemanager Software Link: git clone http://github.com/simogeo/Filemanager.git Version: 2.3.0 Test...

SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: SIMOGEO FileManager 2.3.0 - Path Traversal Vulnerability Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: https://github.com/simogeo/Filemanager Software Link: git clone...

CVE-2015-1422

Multiple cross-site scripting XSS vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 horder, 2 jakcatid, 3 jakcontent, 4 jakcss, 5 jakdeletelog, 6 jakemail, 7 jakextfile, 8 jakfile, 9 jakhookshow, 10 jakimg, 11 jakjavascript, 12...

b2evolution 'filemanager' cross-site scripting vulnerability

b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. A cross-site scripting vulnerability exists in b2evolution 'filemanager'. The blogs/admin.php script fails to adequately filter the 'fmfilter' parameter. A remote attacker can exploit the...

CVE-2014-9599

Cross-site scripting XSS vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fmfilter parameter to blogs/admin.php...

Cross site scripting

Cross-site scripting XSS vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fmfilter parameter to blogs/admin.php...

CVE-2014-9599

Cross-site scripting XSS vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fmfilter parameter to blogs/admin.php...

CMS b2evolution 5.2.0 Cross Site Scripting Vulnerability

CMS b2evolution version 5.2.0 suffers from a cross site scripting vulnerability. Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v. 5.2.0 Author: Steffen Rösemann Affected Software: CMS b2evolution v. 5.2.0 Release-Date: 6th-Dec-2014 Vendor URL: http://b2evolution.net/...

CMS b2evolution 5.2.0 Cross Site Scripting

Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v. 5.2.0 Advisory ID: SROEADV-2014-09 Author: Steffen Rösemann Affected Software: CMS b2evolution v. 5.2.0 Release-Date: 6th-Dec-2014 Vendor URL: http://b2evolution.net/ Vendor Status: did not respond to issue CVE-ID: -...

CMS Croogo 2.2.0 Cross Site Scripting

Advisory: Reflecting XSS vulnerability in CMS Croogo v.2.2.0 Advisory ID: SROEADV-2015-02 Author: Steffen Rösemann Affected Software: CMS Croogo v.2.20 Vendor URL: https://croogo.org Vendor Status: solved CVE-ID: - ========================== Vulnerability Description: ========================== T...

Codiad short_name Cross-Site Scripting Vulnerability

Codiad is an open source Web-based IDE application for writing and editing code online . A cross-site scripting vulnerability exists in Codiad components/filemanager/dialog.php, which allows injection of arbitrary web script or HTML via the shortname parameter, which can obtain sensitive...

e107 '/e107_admin/filemanager.php' cross-site scripting vulnerability

E107 is an open source, free and based on PHP and MySQL content management system CMS of the United States E107 company. The system supports a variety of plug-in programs and appearance of the theme , can be used as a personal blog , discussion community , archive repository and so on. A cross-si...

CVE-2014-9582

CVE-2014-9582 affects Codiad 2.4.3 in components/filemanager/dialog.php, where the short_name parameter in a rename action enables cross-site scripting (XSS). This allows remote attackers to inject arbitrary web script or HTML. The issue is explicitly noted as originally mis-mapped to CVE-2014-11...

Croogo 2.0.0 - Arbitrary PHP Code Execution

!/usr/bin/env python Croogo 2.0.0 Arbitrary PHP Code Execution Exploit Vendor: Fahad Ibnay Heylaal Product web page: http://www.croogo.org Affected version: 2.0.0 Summary: Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered by CakePHP MV...

wp-FileManager <= 1.3.0 - File Download

The wp-filemanager WordPress plugin was affected by a File Download security vulnerability. As seen in access logs: http://www.example.com/wp-content/plugins/wp-filemanager/incl/libfile.php?path=../../&filename=wp-config.php&action=download...

wp-FileManager <= 1.3.0 - File Download

The wp-filemanager WordPress plugin was affected by a File Download security vulnerability. PoC As seen in access logs: http://www.example.com/wp-content/plugins/wp-filemanager/incl/libfile.php?path=../../=wp-config.php=download...

Frog CMS 0.9.5 - Arbitrary File Upload

No description provided by source. Exploit Title: Arbitrary File Upload in Frog CMS 0.9.5 Date : 2014-07-07 Exploit Author : Javid Hussain Vendor Homepage : http://www.madebyfrog.com Exploit-DB Note: All authenticated users can upload files. If the file does not have execute permissions the CMS...

Easy FileManager 1.1 iOS - Multiple Vulnerabilities

No description provided by source...

WebJeff Filemanager 1.6 File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7995/info A vulnerability has been reported for Filemanager that may result in the disclosure of arbitrary files. The vulnerability exists due to insufficient sanitization of user-supplied values for URI parameters. A...

TinyMCE MCFileManager 2.1.2 - Arbitrary File Upload Vulnerability

No description provided by source. ============================================== File Upload Vulnerability Plugins tinymce ============================================== http://tinymce.moxiecode.com/pluginsfilemanager.php Author : Hackeri-AL Contact : h-al at hotmail dot it Greetz : LoocK3D &...