4 matches found
CVE-2008-2110
Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request...
CVE-2006-3406
Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to modify arbitrary files via a .. (dot dot) sequence in the edit parameter...
CVE-2006-3405
CVE-2006-3405 is a cross-site scripting (XSS) vulnerability in QTOFileManager 1.0, exploitable via the qtofm.php parameters: (1) delete, (2) pathext, and (3) edit. The NVD entry notes a base score of 5.8 (MEDIUM) with network attack vector, requiring no authentication and partial impact on confi...
QTOFileManager 1.0
--------------------------
Cross Site Scripting XSS
--------------------------
http://target.xx/qtofm.php?delete=3Cscript3Ealert22Ellipsis20Security20Test223C/script3E&u=username&pathext=1...