8 matches found
CVE-2017-12756
Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile0 parameter...
Command injection
Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile0 parameter...
CVE-2017-12756
Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile0 parameter...
CVE-2017-12756
CVE-2017-12756 affects extplorer, specifically versions up to 2.1.9. The flaw is a command injection in the transfer workflow from another server, exploitable via the userfile[0] parameter, enabling an attacker to execute arbitrary commands on the affected system. Debian/DLA-1063-1 notes the fix ...
UBUNTU-CVE-2016-4313
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. dot dot in an archive file...
Directory traversal
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. dot dot in an archive file...
CVE-2016-4313
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. dot dot in an archive file...
CVE-2016-4313
CVE-2016-4313 affects eXtplorer 2.1.9 (and earlier) in the unzip/extract feature, enabling directory traversal and arbitrary file writes via crafted archives containing "../". Affected component is the unzip/extract functionality; root cause is path traversal in archive extraction. Reported impac...