EUVD-2007-5705

Malware in sbrugna...

Unrestricted file upload

Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows remote attackers to upload arbitrary files, with "uploads/uploadfile." destination filenames, via unspecified vectors to upload.cgi, accessed from upload.html...

Improper access control

eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efilemanconfig.pm...

CVE-2007-5734

Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows remote attackers to upload arbitrary files, with "uploads/uploadfile." destination filenames, via unspecified vectors to upload.cgi, accessed from upload.html...

CVE-2007-5735

eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efilemanconfig.pm...

CVE-2007-5734

Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows remote attackers to upload arbitrary files, with "uploads/uploadfile." destination filenames, via unspecified vectors to upload.cgi, accessed from upload.html...

CVE-2007-5734

The CVE-2007-5734 entry concerns eFileMan 7.1.0.87-88 that permits unrestricted file uploads. The vulnerability allows remote attackers to upload arbitrary files using the uploads/upload_file. destination filenames via upload.cgi referenced from upload.html. The connected documents include no exp...

CVE-2007-5735

eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efilemanconfig.pm...

CVE-2007-5735

CVE-2007-5735 affects eFileMan 7.1.0.87-88. The vulnerability arises from storing sensitive information under the web root with insufficient access control, allowing remote attackers to obtain unspecified user information via a direct request to cgi-bin/efileman/efileman_config.pm. Impact is part...

[Vulz] eFileMan 7.x Multiple Vulnerabilities by Xcross87

Software : eFileman Version : 7.x tested on 7.1.0.87-88 Found by : Xcross87 A. Remote File Upload Vulnerability : Xploit : http://victim.com/path/upload.html http://victim.com/path/cgi-bin/efileman/upload.cgi The uploaded files are stored in : http://victim.com/path/uploads/uploadfile.xxx B. Dire...

efileman-multi.txt

Software : eFileman Version : 7.x tested on 7.1.0.87-88 Found by : Xcross87 A. Remote File Upload Vulnerability : Xploit : http://victim.com/path/upload.html http://victim.com/path/cgi-bin/efileman/upload.cgi The uploaded files are stored in : http://victim.com/path/uploads/uploadfile.xxx B. Dire...