Lucene search
K

50 matches found

Prion
Prion
added 2019/07/28 1:15 a.m.19 views

Cross site scripting

A cross-site scripting XSS vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...

4.3CVSS5.9AI score0.01242EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/07/28 12:23 a.m.86 views

CVE-2019-14315

The CVE-2019-14315 entry documents a cross-site scripting (XSS) vulnerability in SunHater KCFinder where upload.php is affected in versions 3.20-test1, 3.20-test2, 3.12 and earlier. The root cause involves improper handling of input that allows an attacker to inject arbitrary web script or HTML v...

6.1CVSS5.9AI score0.01242EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/28 12:23 a.m.25 views

CVE-2019-14315

A cross-site scripting XSS vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...

6AI score0.01242EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/13 12:0 a.m.6 views

ClipperCMS File Upload Vulnerability

ClipperCMS is a content management system CMS. A security vulnerability exists in ClipperCMS version 1.3.3, which stems from the program failing to implement cross-site request forgery protection for kcfinder file uploads. A remote attacker can exploit this vulnerability to upload files...

8.8CVSS8.8AI score0.02962EPSS
Exploits5References1
Exploit DB
Exploit DB
added 2018/11/13 12:0 a.m.35 views

ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)

Exploit Title: ClipperCMS 1.3.3 File Upload CSRF Vulnerability Date: 2018-11-11 Exploit Author: Ameer Pornillos Website: http://ethicalhackers.club Vendor Homepage: http://www.clippercms.com/ Software Link: https://github.com/ClipperCMS/ClipperCMS/releases/tag/clipper1.3.3 Version: 1.3.3 Tested o...

8.8CVSS8.8AI score0.02962EPSS
Exploits5
NVD
NVD
added 2018/11/11 4:29 a.m.27 views

CVE-2018-19135

ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload enabled by default. This can be used by an attacker to perform actions for an admin or any user with the file upload capability. With this vulnerability, one can automatically upload files by default, it allows html, pdf,...

8.8CVSS8.7AI score0.02962EPSS
Exploits5References2
Prion
Prion
added 2018/11/11 4:29 a.m.10 views

Design/Logic Flaw

ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload enabled by default. This can be used by an attacker to perform actions for an admin or any user with the file upload capability. With this vulnerability, one can automatically upload files by default, it allows html, pdf,...

6.8CVSS8.7AI score0.02962EPSS
Exploits5References2Affected Software1
Packet Storm
Packet Storm
added 2018/05/24 12:0 a.m.32 views

LikeSoftware CMS Cross Site Request Forgery / Shell Upload

Exploit Title: LikeSoftware CMS - Arbitrary File Upload Google Dork: inurl:/painel/kcfinder/upload/ For easy you can using Google Search Image Date: 2018-05-24 Exploit Author: Mr.7z Vendor Homepage: http://www.likesoftware.com.br/ Software Link: - Tested on: Windows 10 64bit Home Edition Exploit:...

0.5AI score
Exploits0
Drupal
Drupal
added 2018/05/09 12:0 a.m.8 views

KCFinder integration - Critical - Unsupported Module - SA-CONTRIB-2018-024

KCFinder is a multi-language file / image manager you can use to easily select, insert, upload and arrange images, flash movies, and other kinds of files. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintaine...

7.2AI score
Exploits0References2
Prion
Prion
added 2014/12/03 1:59 a.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via 1 file or 2 directory folder name of an uploaded file...

4.3CVSS6.1AI score0.014EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2014/12/03 1:59 a.m.14 views

CVE-2014-3988

Cross-site scripting XSS vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via 1 file or 2 directory folder name of an uploaded file...

4.3CVSS5.7AI score0.014EPSS
Exploits1References1
CVE
CVE
added 2014/12/03 1:0 a.m.40 views

CVE-2014-3988

CVE-2014-3988 is an XSS vulnerability in SunHater KCFinder 3.11 and earlier, exploitable via the file or directory name of an uploaded file in index.php. The published description states that remote attackers can inject arbitrary web script or HTML. Affected software/versions are explicitly SunHa...

4.3CVSS5.8AI score0.014EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2014/08/12 11:55 p.m.19 views

Directory traversal

Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. dot dot in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party...

4CVSS6.5AI score0.08795EPSS
Exploits10References3Affected Software1
CVE
CVE
added 2014/08/12 11:0 p.m.98 views

CVE-2014-1222

CVE-2014-1222 affects Vtiger CRM prior to 6.0.0 Security Patch 1, where a vulnerability in the kcfinder/browse.php component allows remote authenticated users to read arbitrary files via directory traversal (.. in the file parameter) in a download action. The issue is likely in KCFinder and may a...

4CVSS8.5AI score0.08795EPSS
Exploits10References3Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.43 views

KCFinder 2.51 - Local File Disclosure

No description provided by source. --------------------------------------------------- Exploit Title: KCFinder Local File Disclosure Author: DaOne Vendor Homepage: http://kcfinder.sunhater.com/ Category: webapps/php Version: 2.51 + old versions Google dork: inurl:kcfinder/browse.php...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.46 views

KCFinder 2.2 - Arbitrary File Upload Vulnerability

No description provided by source. : Exploit Title: kcfinder 2.2 upload shell : : Date: 15/10/2010 : : Author: saudi0hacker : : Software Link: http://kcfinder.sunhater.com/ : : Version: 2.x : : Tested on: linux b0x : : Greetz to : All of my Friends :...

7.1AI score
Exploits0
Dsquare
Dsquare
added 2014/04/02 12:0 a.m.132 views

vTiger CRM 5.4.0 kcfinder LFI

Local file include vulnerability in vtiger CRM kcfinder component Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...

4CVSS0.5AI score0.08795EPSS
Exploits10References2
Dsquare
Dsquare
added 2014/04/02 12:0 a.m.55 views

vTiger CRM 5.4.0 kcfinder File Upload

File upload vulnerability in vtiger CRM kcfinder component Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

6.5CVSS0.5AI score0.43103EPSS
Exploits6References2
seebug.org
seebug.org
added 2014/03/31 12:0 a.m.83 views

KCFinder 'browse.php'任意文件上传漏洞

Bugtraq ID:66443 KCFinder是CKEditor的一个开源文件管理器插件。 KCFinder 'browse.php'脚本不正确过滤用户提交的上传文件,允许攻击者利用漏洞上传恶意文件并执行。 0 KCFinder 2.51 - 2.53 目前没有详细解决方案提供: http://kcfinder.sunhater.com/...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/03/24 12:0 a.m.112 views

KCFinder 2.53 Shell Upload

Exploit Title : KCFinder Upload Shell Vulnerability + Google Dork : inurl:/kcfinder/browse.php + Date : 24/04/2014 + Exploit Author : IranianDarkCodersTeam + Home : http://www.idc-team.net + Discovered By : Black.Hack3r + Vendor Homepage : http://kcfinder.sunhater.com/ + Version : 2.51 - 2.53 +...

Exploits0
Rows per page
Query Builder