Lucene search
K

31 matches found

CVE
CVE
added 2019/02/11 2:0 a.m.40 views

CVE-2018-20778

CVE-2018-20778 corresponds to Frog CMS 0.9.5 where the vulnerability exists in the admin/?/plugin/file_manager component. The issue arises from creating a new file containing a crafted attribute of an IMG element, enabling cross-site scripting (XSS). The affected software is Frog CMS 0.9.5; root ...

6.1CVSS5.9AI score0.00826EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/09/03 12:0 a.m.54 views

CVE-2018-16373

Frog CMS 0.9.5 is affected by a file-upload vulnerability described as an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. The available sources (NVD/NVD-derived entries and CNVD/PRION/CVE records) consistently identify Frog CMS 0.9.5 and the file_manager/save end...

4.9CVSS5.2AI score0.01062EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/04/11 6:29 a.m.15 views

CVE-2018-9992

Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/filemanager/browse/ screen...

4.8CVSS5AI score0.00534EPSS
Exploits1References1
NVD
NVD
added 2017/07/25 6:29 p.m.19 views

CVE-2015-4463

The filemanager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL...

6.5CVSS6.1AI score0.01063EPSS
Exploits1References2
Prion
Prion
added 2017/07/25 6:29 p.m.14 views

Design/Logic Flaw

The filemanager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL...

4CVSS6.7AI score0.01063EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2017/07/25 6:0 p.m.48 views

CVE-2015-4462

The CVE-2015-4462 issue affects eFront CMS pre-3.6.15.5 in the file_manager component. It enables absolute path traversal via the Upload file from url field in professor.php, allowing remote authenticated users to read arbitrary files on the server. No remediation details are provided in the conn...

6.5CVSS6.1AI score0.01104EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2017/07/25 6:0 p.m.46 views

CVE-2015-4463

The CVE-2015-4463 entry concerns the file_manager component of eFront CMS prior to version 3.6.15.5. Affected software: eFront CMS. What is vulnerable: the file_manager’s file upload handling can be bypassed by remote authenticated users through a crafted parameter appended to the file URL, enabl...

6.5CVSS6AI score0.01063EPSS
Exploits1References2Affected Software1
0day.today
0day.today
added 2015/12/10 12:0 a.m.31 views

redaxscript 2.5.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications redaxscript 2.5.0 - Multiple Vulnerabilities Description The module filemanager allows for file uploads, and uses exifimagetype to check the validity of the file. By setting the first bytes of the uploaded file to that of a valid image type, a...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/12/10 12:0 a.m.40 views

redaxscript 2.5.0 Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: redaxscript 2.5.0 Fixed in: module has been removed in version 2.6.0 Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 10/02/2015...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2013/01/04 12:0 a.m.29 views

TomatoCart - json.php Security Bypass

TomatoCart - json.php Security Bypass source: https://www.securityfocus.com/bid/57156/info TomatoCart is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and create files with arbitrary shell script which may aid in further...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/08/03 12:0 a.m.38 views

MAXcms 3.11.20b - Remote File Inclusion / File Disclosure

MAXcms 3.11.20b RFI / File Disclosure Vulnerabilities I- Remote File Disclosure Vulnerabilities In /includes/inc.thcmsadmindirtree.php Code 22: if $GET"getjs"=="1" POC : http://localhost//microcms/includes/filemanager/special.php?fmincludesspecial=http://localhost/020.txt Thanx To ... | || \ \ \ ...

7.4AI score
Exploits0
Rows per page
Query Builder