708 matches found
CVE-2009-2025
admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the 1 USER, 2 GROUPID, 3 GROUP, and 4 USERID cookies to certain values...
CVE-2009-2025
DM FileManager 3.9.2 is affected by an authentication bypass vulnerability where remote attackers can gain admin access by tampering cookies (USER, GROUPID, GROUP, USERID). The issue is triggered through admin/login.php and leads to partial confidentiality/integrity/availability impacts as per CV...
DM FileManager 3.9.2 Insecure Cookie Handling Vulnerability
Exploit for unknown platform in category web applications =========================================================== DM FileManager 3.9.2 Insecure Cookie Handling Vulnerability =========================================================== DM FileManager 3.9.2 Insecure Cookie Handling Vuln Founder:...
DM FileManager 3.9.2 - Insecure Cookie Handling
DM FileManager 3.9.2 Insecure Cookie Handling Vuln Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Vendor:http://dutchmonkey.com Special Thx: Snakespc Note: Algerie 3-1 Egypt Exploit: ------ javascript:document.cookie="USER=user name ;path=/";...
DM FileManager 3.9.2 Insecure Cookie
DM FileManager 3.9.2 Insecure Cookie Handling Vuln Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Vendor:http://dutchmonkey.com Special Thx: Snakespc Note: Algerie 3-1 Egypt Exploit: ------ javascript:document.cookie="USER=user name ;path=/";...
CVE-2009-1741
Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 Username and 2 Password fields...
CVE-2009-1741
CVE-2009-1741 relates to DM FileManager 3.9.2, where login.php contains multiple SQL injection vulnerabilities when magic_quotes_gpc is disabled. Remote attackers can cause arbitrary SQL execution via the (1) Username and (2) Password fields. The NVD notes a CVSSv2 base score of 6.8 (MEDIUM). No ...
CVE-2009-1741
Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 Username and 2 Password fields...
DM FileManager 3.9.2 (Auth Bypass) SQL Injection Vulnerability
No description provided by source. -------------------------AllaH AkbaR------------------------------- dm-filemanager Auth Bypass Remote Sql Injection --------------------------------------------------------------------------- Discovered By: Snakespc ALGERIAN HaCkEr Mail: [email protected]...
DM FileManager 3.9.2 - Authentication Bypass
-------------------------AllaH AkbaR------------------------------- dm-filemanager Auth Bypass Remote Sql Injection --------------------------------------------------------------------------- Discovered By: Snakespc ALGERIAN HaCkEr Mail: [email protected] Site:http://www.snakespc.com/sc/index.ph...
DM FileManager 3.9.2 - Authentication Bypass
DM FileManager 3.9.2 - Authentication Bypass -------------------------AllaH AkbaR------------------------------- dm-filemanager Auth Bypass Remote Sql Injection --------------------------------------------------------------------------- Discovered By: Snakespc ALGERIAN HaCkEr Mail:...
DM FileManager 3.9.2 SQL Injection
-------------------------AllaH AkbaR------------------------------- dm-filemanager Auth Bypass Remote Sql Injection --------------------------------------------------------------------------- Discovered By: Snakespc ALGERIAN HaCkEr Mail: [email protected] Site:http://www.snakespc.com/sc/index.ph...
DM FileManager 3.9.2 (Auth Bypass) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================== DM FileManager 3.9.2 Auth Bypass SQL Injection Vulnerability ==============================================================...
CVE-2008-6685
Unspecified vulnerability in Frontend Filemanager airfilemanager 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors...
CVE-2008-6685
The CVE-2008-6685 entry concerns Frontend Filemanager (air_filemanager) 0.6.1 and earlier TYPO3 extension. It describes an unspecified vulnerability that allows remote attackers to execute arbitrary commands via unknown vectors. The available sources confirm the affected software and the remote c...
CVE-2008-6685
Unspecified vulnerability in Frontend Filemanager airfilemanager 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors...
SoftArtisans XFile FileManager ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in SoftArtisans XFile FileManager ActiveX control SAFmgPwd.dll 2.0.5.3. When sending an overly long string to the GetDriveName method an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download...
WeBid 0.5.4 (fckeditor) Remote Arbitrary File Upload Exploit
No description provided by source. ?php / ----------------------------------------------------------------- WeBid v0.5.4 fckeditor Remote Arbitrary File Upload Exploit ----------------------------------------------------------------- author...: Stack - vulnerable code in...
CVE-2007-1682
Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the 1 BuildPath, 2 GetDriveName, 3 DriveExists, or 4 DeleteFile method...
CVE-2007-1682
SoftArtisans XFile FileManager ActiveX control (SAFmgPws.dll) is affected by CVE-2007-1682 through vulnerable BuildPath(), GetDriveName(), DriveExists(), and DeleteFile() methods. The vulnerability is a stack-based buffer overflow in XFile before version 2.4.0 that could allow remote code executi...