
30 matches found

Cvelist
added 2008/01/10 1:0 a.m. | 15 views

CVE-2003-1539

Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names...

AI score: 5.7 | EPSS: 0.01085
Exploits: 1 | References: 4
CVE
added 2008/01/10 1:0 a.m. | 35 views

CVE-2003-1539

The CVE-2003-1539 entry affects the ONEdotOH Simple File Manager (SFM) CGI (fm.php) prior to version 0.21. The vulnerability arises from improper validation of directory and file names, enabling cross-site scripting (XSS) by an attacker who can supply crafted names. Impact is remote XSS via manip...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.01085
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2006/12/07 5:28 p.m. | 14 views

CVE-2006-6376

Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.03991
Exploits: 0 | References: 2
CVE
added 2006/12/07 5:0 p.m. | 38 views

CVE-2006-6376

The CVE-2006-6376 entry refers to multiple directory traversal vulnerabilities in Simple File Manager (SFM) 0.24a, specifically in the fm.php component. The underlying issue allows an attacker to manipulate .. directory traversals to (1) read arbitrary files via the filename parameter in a downlo...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.03991
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2006/12/07 5:0 p.m. | 3 views

EUVD-2006-6359

Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.03991
Exploits: 0 | References: 2
NVD
added 2006/06/22 10:6 p.m. | 12 views

CVE-2006-3160

Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

CVSS: 2.6 | AI score: 5.7 | EPSS: 0.01269
Exploits: 0 | References: 6
CVE
added 2006/06/22 10:0 p.m. | 39 views

CVE-2006-3160

The CVE-2006-3160 entry describes a Cross-Site Scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) up to version 0.24a, specifically in fm.php where the msg parameter can be leveraged to inject arbitrary script/HTML. The vulnerability affects the fm.php component and arises from i...

CVSS: 2.6 | AI score: 6 | EPSS: 0.01269
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2006/06/22 10:0 p.m. | 18 views

CVE-2006-3160

Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

AI score: 5.7 | EPSS: 0.01269
Exploits: 0 | References: 6
NVD
added 2003/12/31 5:0 a.m. | 10 views

CVE-2003-1539

Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.01085
Exploits: 1 | References: 4
Tenable Nessus
added 2003/03/12 12:0 a.m. | 27 views

Simple File Manager Directory / Filename XSS

The remote Simple File Manager CGI (fm.php) improperly validates the names of the directories entered and created by the user. As a result, a user could generate a cross-site scripting attack on this host...

CVSS: 4.3 | AI score: 5 | EPSS: 0.01085
Exploits: 1 | References: 1