63 matches found
CVE-2022-40797
CVE-2022-40797 affects Roxy Fileman 1.4.6. The vulnerability is a remote code execution via uploading a .phar file, because conf.json’s FORBIDDEN_UPLOADS setting only blocks .php, .php4, and .php5. In some web-server configurations visiting a .phar file can execute the PHP interpreter, enabling a...
CVE-2019-19731
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder...
Path traversal
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder...
CVE-2019-19731
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder...
CVE-2019-19731
CVE-2019-19731 affects Roxy Fileman 1.4.5 for .NET. The vulnerability is a path traversal flaw that allows a remote attacker to write uploaded files to arbitrary locations via the RENAMEFILE action. Documents describe that this can enable code execution by uploading a crafted Windows shortcut fil...
Roxy Fileman Path Traversal Vulnerability (CNVD-2020-03726)
Roxy Fileman is a set of open source file browser for . A path traversal vulnerability exists in Roxy Fileman version 1.4.5 for . The vulnerability stems from a failure of a networked system or product to properly filter special elements in the path of a resource or file. An attacker could use th...
Roxy Fileman 1.4.5 - Directory Traversal
Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal Author: Patrik Lantz Date: 2019-12-06 Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE: CVE-2019-19731 Tested on: ASP.NET 4.0.30319 and...
Roxy Fileman 1.4.5 - Directory Traversal
Roxy Fileman 1.4.5 - Directory Traversal Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal Author: Patrik Lantz Date: 2019-12-06 Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE:...
Roxy Fileman 1.4.5 For .NET Directory Traversal Vulnerability
Exploit for php platform in category web applications =========================== Exploit Title: Roxy Fileman 1.4.5 for .NET - Directory Traversal Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net...
Roxy Fileman 1.4.5 For .NET Directory Traversal
=========================== Exploit Title: Roxy Fileman 1.4.5 for .NET - Directory Traversal Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE number: CVE-2019-19731 Found: 2019-12-06 Tested on...
nopCommerce Path Traversal Vulnerability
nopCommerce is an open source e-commerce shopping cart software. roxy Fileman is a free open source file browser for .NET and PHP , can be integrated into the CKEditor and TinyMCE WYSIWYG html editor . Roxy Fileman used in nopCommerce 4.2.0 suffers from . /path traversal vulnerability can be...
nopCommerce Cross-Site Request Forgery Vulnerability
nopCommerce is an open source e-commerce shopping cart software. roxy Fileman is a free open source file browser for .NET and PHP , can be integrated into the CKEditor and TinyMCE WYSIWYG html editor . A cross-site request forgery vulnerability exists in Roxy Fileman used in nopCommerce 4.2.0,...
Design/Logic Flaw
Roxy Fileman 1.4.5 allows attackers to execute renamefile.php aka Rename File, createdir.php aka Create Directory, fileslist.php aka Echo File List, and movefile.php aka Move File operations...
CVE-2019-7174
Roxy Fileman 1.4.5 allows attackers to execute renamefile.php aka Rename File, createdir.php aka Create Directory, fileslist.php aka Echo File List, and movefile.php aka Move File operations...
CVE-2019-7174
Roxy Fileman 1.4.5 allows attackers to execute renamefile.php aka Rename File, createdir.php aka Create Directory, fileslist.php aka Echo File List, and movefile.php aka Move File operations...
CVE-2019-7174
Roxy Fileman 1.4.5 allows attackers to execute renamefile.php aka Rename File, createdir.php aka Create Directory, fileslist.php aka Echo File List, and movefile.php aka Move File operations...
CVE-2019-7174
CVE-2019-7174 pertains to Roxy Fileman 1.4.5, where attackers can trigger the server to perform file-management operations via renamefile.php, createdir.php, fileslist.php, and movefile.php. The affected component is the Fileman web interface; the description notes these endpoints can be executed...
CVE-2018-20525
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php...
CVE-2018-20525
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php...
CVE-2018-20526
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php...