21 matches found
Malicious code in com.outsystems.plugins.fileviewer (npm)
Source: ghsa-malware 68e48c3e2dce6b01b3a80e3284dea055908e7c232a4f9fa11407fd851f4c0ecc. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2047 Malicious code in com.outsystems.plugins.fileviewer (npm)
Source: ghsa-malware 68e48c3e2dce6b01b3a80e3284dea055908e7c232a4f9fa11407fd851f4c0ecc. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-24491
The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack...
CVE-2021-24491
The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack...
Cross-site request forgery (CSRF)
The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack...
CVE-2021-24491
CVE-2021-24491 concerns the WordPress plugin Fileviewer (<= 2.2), where actions like file upload and deletion lack CSRF protection. The root cause is missing CSRF checks, enabling a CSRF attack that could cause a logged-in administrator to delete or upload arbitrary files. The vulnerability is...
CVE-2021-24491 Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF
The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack...
WordPress Plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Fileviewer that stems from the web application not...
Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF
The plugin does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack. To delete /phpinfo.php:...
Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF
The plugin does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack. PoC: To delete /phpinfo.php:...
Unspecified Vulnerability in Webgrind
Webgrind is a PHP execution time analysis tool. A security vulnerability exists in Webgrind version 1.5, which is caused by the program relying on user input to display files. The vulnerability can be exploited to view files on the local file system that are accessible to the Webserver us...
PT-2018-11466 · Webgrind · Webgrind
Name of the Vulnerable Software and Affected Versions: Webgrind version 1.5 Description: The issue allows anyone to view files from the local filesystem that the webserver user has access to. This is achieved by manipulating the file parameter in the /index.php API endpoint, specifically through...
CVE-2015-0783
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable...
Design/Logic Flaw
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable...
CVE-2015-0783
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable...
CVE-2015-0783
The CVE-2015-0783 issue affects Novell ZENworks Configuration Management (ZENworks) FileViewer class. The vulnerability stems from inadequate sanitization of the filename parameter, allowing an authenticated remote user to disclose arbitrary server files. Exploitation does not require user intera...
Novell ZENworks Configuration Management FileViewer Information Disclosure (CVE-2015-0783)
An information disclosure vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to lack of sanitization on the filename parameter within the FileViewer class. By sending crafted requests to the target server, a remote attacker can leverage this vulnerability t...
Novell ZENworks 'FileViewer' Class Information Disclosure Vulnerability
Novell ZENworks is a suite of software that supports automated IT management and business process management across resources within an organization. Novell ZENworks' FileViewer class fails to adequately filter the 'filename' variable, allowing remote attackers to read arbitrary files and obtain...
Novell Zenworks FileViewer Information Disclosure Vulnerability
This vulnerability allows attackers to obtain sensitive information on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability. The specific flaw exists within the FileViewer class. The issue lies in the failure to sanitize the "filename"...
Dotproject 2.1.5 SQL Injection / Cross Site Scripting
exploit title: sql injection in dotproject 2.1.5 date 21.o2.2o11 author: lemlajt software : dotproject version: 2.1.5 tested on: linux cve : http://dotproject.net/ PoC : http://localhost/www/cmsadmins/dotpro/dotproject/fileviewer.php?fileid=' in src: 2 ./dotproject/fileviewer.php: 127...