50 matches found
Cross site scripting
A cross-site scripting XSS vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...
CVE-2019-14315
The CVE-2019-14315 entry documents a cross-site scripting (XSS) vulnerability in SunHater KCFinder where upload.php is affected in versions 3.20-test1, 3.20-test2, 3.12 and earlier. The root cause involves improper handling of input that allows an attacker to inject arbitrary web script or HTML v...
CVE-2019-14315
A cross-site scripting XSS vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...
ClipperCMS File Upload Vulnerability
ClipperCMS is a content management system CMS. A security vulnerability exists in ClipperCMS version 1.3.3, which stems from the program failing to implement cross-site request forgery protection for kcfinder file uploads. A remote attacker can exploit this vulnerability to upload files...
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
Exploit Title: ClipperCMS 1.3.3 File Upload CSRF Vulnerability Date: 2018-11-11 Exploit Author: Ameer Pornillos Website: http://ethicalhackers.club Vendor Homepage: http://www.clippercms.com/ Software Link: https://github.com/ClipperCMS/ClipperCMS/releases/tag/clipper1.3.3 Version: 1.3.3 Tested o...
CVE-2018-19135
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload enabled by default. This can be used by an attacker to perform actions for an admin or any user with the file upload capability. With this vulnerability, one can automatically upload files by default, it allows html, pdf,...
Design/Logic Flaw
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload enabled by default. This can be used by an attacker to perform actions for an admin or any user with the file upload capability. With this vulnerability, one can automatically upload files by default, it allows html, pdf,...
LikeSoftware CMS Cross Site Request Forgery / Shell Upload
Exploit Title: LikeSoftware CMS - Arbitrary File Upload Google Dork: inurl:/painel/kcfinder/upload/ For easy you can using Google Search Image Date: 2018-05-24 Exploit Author: Mr.7z Vendor Homepage: http://www.likesoftware.com.br/ Software Link: - Tested on: Windows 10 64bit Home Edition Exploit:...
KCFinder integration - Critical - Unsupported Module - SA-CONTRIB-2018-024
KCFinder is a multi-language file / image manager you can use to easily select, insert, upload and arrange images, flash movies, and other kinds of files. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintaine...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via 1 file or 2 directory folder name of an uploaded file...
CVE-2014-3988
Cross-site scripting XSS vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via 1 file or 2 directory folder name of an uploaded file...
CVE-2014-3988
CVE-2014-3988 is an XSS vulnerability in SunHater KCFinder 3.11 and earlier, exploitable via the file or directory name of an uploaded file in index.php. The published description states that remote attackers can inject arbitrary web script or HTML. Affected software/versions are explicitly SunHa...
Directory traversal
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. dot dot in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party...
CVE-2014-1222
CVE-2014-1222 affects Vtiger CRM prior to 6.0.0 Security Patch 1, where a vulnerability in the kcfinder/browse.php component allows remote authenticated users to read arbitrary files via directory traversal (.. in the file parameter) in a download action. The issue is likely in KCFinder and may a...
KCFinder 2.51 - Local File Disclosure
No description provided by source. --------------------------------------------------- Exploit Title: KCFinder Local File Disclosure Author: DaOne Vendor Homepage: http://kcfinder.sunhater.com/ Category: webapps/php Version: 2.51 + old versions Google dork: inurl:kcfinder/browse.php...
KCFinder 2.2 - Arbitrary File Upload Vulnerability
No description provided by source. : Exploit Title: kcfinder 2.2 upload shell : : Date: 15/10/2010 : : Author: saudi0hacker : : Software Link: http://kcfinder.sunhater.com/ : : Version: 2.x : : Tested on: linux b0x : : Greetz to : All of my Friends :...
vTiger CRM 5.4.0 kcfinder LFI
Local file include vulnerability in vtiger CRM kcfinder component Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
vTiger CRM 5.4.0 kcfinder File Upload
File upload vulnerability in vtiger CRM kcfinder component Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...
KCFinder 'browse.php'任意文件上传漏洞
Bugtraq ID:66443 KCFinder是CKEditor的一个开源文件管理器插件。 KCFinder 'browse.php'脚本不正确过滤用户提交的上传文件,允许攻击者利用漏洞上传恶意文件并执行。 0 KCFinder 2.51 - 2.53 目前没有详细解决方案提供: http://kcfinder.sunhater.com/...
KCFinder 2.53 Shell Upload
Exploit Title : KCFinder Upload Shell Vulnerability + Google Dork : inurl:/kcfinder/browse.php + Date : 24/04/2014 + Exploit Author : IranianDarkCodersTeam + Home : http://www.idc-team.net + Discovered By : Black.Hack3r + Vendor Homepage : http://kcfinder.sunhater.com/ + Version : 2.51 - 2.53 +...