586 matches found
CVE-2018-20775
admin/?/plugin/filemanager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI...
CVE-2018-16363
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php...
PT-2018-13518 · Mndpsingh287 · Wp File Manager
Name of the Vulnerable Software and Affected Versions: mndpsingh287 File Manager plugin version 2.9. Description: The issue concerns a cross-site scripting (XSS) problem. It occurs via the lang parameter in a "wp-admin/admin.php?page=wp_file_manager" request. This happens because set_transient is us...
DEBIAN-CVE-2018-10900
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...
CVE-2018-0576
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-0576
The CVE-2018-0576 issue concerns the WordPress plugin Events Manager (prior to version 5.9). The vulnerability is a cross-site scripting (XSS) flaw that could allow remote attackers to inject arbitrary script or HTML via unspecified vectors, potentially executing in a logged-in user’s browser. Af...
CVE-2018-9020
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...
PT-2018-18784 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: Events Manager plugin versions prior to 5.8.1.2. Description: The issue allows for XSS via the mapTitle parameter in the Google Maps miniature within the events-manager.js file. Recommendations: For versions prior to 5.8.1.2, update to version...
File Manager <= 5.0.0 - Information Disclosure
The Giribaz File Manager plugin logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents are added to that log file, which is not protected and then contains database credentials, salts, etc. These files...
CVE-2017-18032
The CVE refers to the WordPress Download Manager plugin. Affected component: download-manager plugin for WordPress, vulnerable before version 2.9.52. Root cause: XSS via the id parameter in the wpdm_generate_password action targeting wp-admin/admin-ajax.php. Impact: cross-site scripting could all...
CVE-2015-6668
The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference...
CVE-2015-6668
Versions of the WordPress Job Manager plugin before 0.7.25 allow remote attackers to read arbitrary CV files via an insecure direct object reference by brute-forcing the WordPress upload directory. Impact: CV file disclosure; attack vector: network, no authentication required. Remediation...
CVE-2015-7806
Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2015-7806
The CVE-2015-7806 issue affects the WordPress Form Manager plugin (prior to 1.7.3). The vulnerability is in the fm_saveHelperGatherItems function of ajax.php, enabling remote code execution via unspecified vectors. Multiple sources confirm RCE potential, including CNVD and WPVulnDB entries noting...
CVE-2017-11611
Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/filemanager/" script aka an...
WordPress download manager plugin elevation of privilege vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on a server that supports PHP and MySQL. WordPress Download Manager is a file download management plugin for it. A security vulnerability exists in the...
CVE-2014-9260
The CVE-2014-9260 entry concerns the WordPress Download Manager plugin. The vulnerability is in the basic_settings function of the plugin before version 2.7.3, which allows remote authenticated users to update every WordPress option. This privilege escalation enables an attacker with existing WP ...