17 matches found
CVE-2021-33213
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...
EUVD-2021-19923
Malware in sbrugna...
EUVD-2021-19925
Malware in sbrugna...
EUVD-2021-19924
Malware in sbrugna...
CVE-2021-33211
A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives...
CVE-2021-33212
A Cross-site scripting XSS vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...
CVE-2021-33211
A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives...
CVE-2021-33213
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...
CVE-2021-33213
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...
Server side request forgery (ssrf)
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...
Directory traversal
A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives...
CVE-2021-33211
CVE-2021-33211 affects Elements-IT HTTP Commander 5.3.3, due to a path traversal flaw in the Unzip feature. The vulnerability allows remote authenticated users to write files to arbitrary directories by supplying relative paths inside ZIP archives, enabling potential data impact beyond the intend...
CVE-2021-33212
A Cross-site scripting XSS vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...
CVE-2021-33212
Elements-IT HTTP Commander 5.3.3 contains a cross-site scripting (XSS) flaw in the "View in Browser"/"Browser View" feature. A remote authenticated user can inject arbitrary script/HTML through a crafted SVG image. Documented impact is XSS with partial integrity impact; no patch/version remediati...
CVE-2021-33213
The CVE-2021-33213 entry documents an SSRF in Elements-IT HTTP Commander 5.3.3, specifically in the Upload from URL feature. When authenticated, an attacker can supply an internal address to retrieve HTTP/FTP resources from the internal network, exposing internal resources. Root cause: SSRF in th...
Elements-IT HTTP Commander 路径遍历漏洞
Elements-IT HTTP Commander is a server-hosted, web-based file management solution from Elements-IT Germany. It provides basic functionality for working with files creating, copying, deleting, etc. and many other additional features, such as integration with cloud services, online editing of Offic...
Elements-IT HTTP Commander 跨站脚本漏洞
Elements-IT HTTP Commander is a server-hosted, web-based file management solution from Elements-IT Germany. It provides basic functionality for working with files creating, copying, deleting, etc. and many other additional features, such as integration with cloud services, online editing of Offic...