Roxy Fileman 1.4.5 - Unrestricted File Upload

Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. id: CVE-2018-20526 info: name: Roxy Fileman 1.4.5 -...

EUVD-2019-16718

Malware in sbrugna...

EUVD-2018-4025

Malware in sbrugna...

EUVD-2017-9552

Malware in sbrugna...

EUVD-2018-13417

Malware in sbrugna...

EUVD-2022-44063

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2018-20526

Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php...

CVE-2022-40797

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDENUPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...

CVE-2018-20525

Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php...

CVE-2018-12042

Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter...

CVE-2019-25105

A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. Thi...

CVE-2018-20526

Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php...

Roxy Fileman 1.4.5 - Arbitrary File Upload

Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Upload Date: 09/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on: Window...

Roxy Fileman 1.4.5 - Arbitrary File Upload Vulnerability

Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Upload Exploit Author: Zer0FauLT email protected Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on: Windows 10 and Windows Server...

dro.pm 跨站脚本漏洞

dro.pm is an application by Luc Gommans personal developer. Used to remove links, text and files for easy sharing A cross-site scripting vulnerability exists in previous versions of dro.pm fa73c3a42bc5c246a1b8f815699ea241aef154bb, which stems from a security issue in the unknown section of the fi...

PT-2023-11363 · Dro.Pm · Dro.Pm

Name of the Vulnerable Software and Affected Versions: dro.pm affected versions not specified Description: A problematic issue was found in dro.pm, affecting an unknown part of the file web/fileman.php. The manipulation of the secret/key argument leads to cross-site scripting. It is possible to...

Roxy Fileman 1.4.6 Remote Shell Upload Exploit

Exploit Title: Roxy Fileman Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20210126213412/https://roxyfileman.com/download.php?f=1.4.6-php Version: \t\n' banner += '\t\t\t\t\t\t\n' banner += '\n' parser = OptionParser parser.addoption"-u", "--url", dest="url", help="u...

Roxy Fileman 1.4.6 Remote Shell Upload

Exploit Title: Roxy Fileman Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20210126213412/https://roxyfileman.com/download.php?f=1.4.6-php Version: \t\n' banner += '\t\t\t\t\t\t\n' banner += '\n' parser = OptionParser parser.addoption"-u", "--url", dest="url", help="u...

CVE-2022-40797

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDENUPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...

CVE-2022-40797

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDENUPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...