149 matches found
WordPress Shared Files plugin <= 1.6.60 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Mika in WordPress Shared Files plugin versions <= 1.6.60. Solution: Update the WordPress Shared Files plugin to the latest available version (at least 1.6.61)...
Shared Files < 1.6.61 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the Download Counter Text settings and tick the Show...
Shared Files < 1.6.61 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Download Counter Text settings and tick the Show Downlo...
WordPress Shared Files plugin <= 1.6.56 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Shivam Rai in WordPress Shared Files plugin versions <= 1.6.56. Solution: Update the WordPress Shared Files plugin to the latest available version (at least 1.6.57)...
Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues. PoC: Put the following payload in the "Folder for new files" and "Maximum size of uploaded file" settings of the plugin: "...
Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues. Put the following payload in the "Folder for new files" and "Maximum size of uploaded file" settings of the plugin: "alert/XSS/...
CVE-2021-32734
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issu...
CVE-2021-32734 File path disclosure of shared files in Nextcloud Text application
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issu...
File path disclosure of shared files in Nextcloud Text application
None...
Nextcloud Information Disclosure Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud Server in versions prior to 19.0.13, 20.011, and 21.0.3, which could result in the full path of a...
Cisco Webex Teams Security Vulnerability
Cisco Webex Teams is a comprehensive communications application designed to provide you with all the necessary tools and the right environment to enhance team collaboration. A shared file manipulation vulnerability exists in versions prior to Cisco Webex Teams 40.12.0.17293. The vulnerability ste...
CVE-2020-11797
An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit...
CVE-2020-9423
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users,...
CVE-2019-17334 TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with...
TerraMaster F2-210 Information Disclosure Vulnerability (CNVD-2019-38809)
The TerraMaster F2-210 is an entry-level two-drive NAS. An information disclosure vulnerability exists in the TerraMaster F2-210. An attacker could exploit this vulnerability to gain unauthorized read access to shared files...
Nextcloud Server Session Fixation Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Server is its server version. A session fixation vulnerability exists in Nextcloud Server versions prior to 14.0.0, 13.0.3, and 12.0.8, which can be...
Nextcloud Server Privilege Authentication Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform. Nextcloud Server is its server version. A privilege authentication vulnerability exists in versions of Nextcloud Server prior to 14.0.0, which can be exploited by an attacker t...
ASUSTOR Data Master File Disclosure Vulnerability
ASUSTOR Data Master (ADM) is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. A file disclosure vulnerability exists in ASUSTOR ADM 3.1.5 and earlier versions. A remote attacker can exploit this vulnerability by sending a request to the downloadwallpaper.cgi file and...