WordPress Frontend File Manager plugin plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary File Renaming vulnerability discovered by t.t.brothers in WordPress Plugin Frontend File Manager versions = 23.4...

EUVD-2018-20734

Malware in sbrugna...

GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API

Summary An arbitrary file renaming vulnerability exists that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in ".zip". Details Store file uploads...

GHSA-75M5-HH4R-Q9GX GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API

Summary An arbitrary file renaming vulnerability exists that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in ".zip". Details Store file uploads...

The vulnerability of the CmActLicense component in the CodeMeter license management application allows a violator to rename any files at will.

The vulnerability of the CmActLicense component in the CodeMeter license management application is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to rename arbitrary files remotely...

Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming

The plugin does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. As an Author, go to the page to edit one of your own Media ie /wp-admin/post.php?post=1993&action=edit,...

Directory traversal

The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming specifying a "from" and "to" filename via a ../ directory traversal in the dir parameter of an mrelocatorrename action to the wp-admin/admin-ajax.php URI...

CVE-2018-19043

The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming specifying a "from" and "to" filename via a ../ directory traversal in the dir parameter of an mrelocatorrename action to the wp-admin/admin-ajax.php URI...

zzzcms v1.5.3.0129 version exists arbitrary file renaming vulnerability

zzcms is a free website builder developed in asp language. zzzcms v1.5.3.0129 version of the existence of arbitrary file renaming vulnerability. The vulnerability stems from the fact that the file name and path of the file to be renamed are not filtered, which can be exploited by an attacker to...

Arbitrary File Renaming Vulnerability in KingCMS v6.1.1641_Sp2 Version

KingCMS is a set of easy to learn, simple to operate open source content management system CMS, support for PHP + sqLite3/MySQL and ASP + ACCESS/MSSQL, dedicated to the professional development of oriented programs and enterprise website construction system. KingCMS v6.1.1641Sp2 version of...