47 matches found
Quixplorer <=2.4.1 - Cross-Site Scripting
Quixplorer through 2.4.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. id:...
EUVD-2013-1673
Malware in sbrugna...
Quixplorer Input Validation Error Vulnerability
QuiXplorer is a web-based file manager that supports document uploading, downloading, searching, editing and more. Quixplorer has an input validation error vulnerability in version 2.4.1 and earlier, which originates from a cross-site scripting attack caused by improper user-supplied input...
CVE-2020-24902
Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web...
Cross site scripting
Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web...
CVE-2020-24902
Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web...
CVE-2020-24902
Quixplorer affects versions up to 2.4.1 and is vulnerable to a reflected XSS due to improper input validation. An attacker can craft a URL that executes arbitrary JavaScript in the victim’s browser within the site’s context, potentially stealing cookie-based credentials. The connected Nuclei temp...
QuiXplorer Cross-Site Scripting Vulnerability
QuiXplorer is a web-based file manager that supports document uploading, downloading, searching, editing and more. Quixplorer has an input validation error vulnerability in version 2.4.1 and earlier, which originates from a cross-site scripting attack caused by improper user-supplied input...
CVE-2013-1642
Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems, or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems, or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php...
CVE-2013-1642
Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems, or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php...
CVE-2013-1642
QuiXplorer (before 2.5.5) is affected by multiple XSS vulnerabilities. The issue enables remote attackers to inject arbitrary web script or HTML via parameters (dir, item, order, searchitem, selitems[], srt) to index.php or via QUERY_STRING. Impact includes possible client-side script execution; ...
Quixplorer 2.4.1 Beta Cross Site Scripting
Exploit Title: Reflected XSS in quixplorer-2.4.1beta Google Dork: intitle:"My Download Server" Date: 04/24/2018 Exploit Author: Adriano Marcio Monteiro @adrianomarcmont Exploit Author Site: https://www.brztec.com Exploit Author E-mail: [email protected] Vendor Homepage:...
TYPO3 Typo3 Quixplorer Extension Cross-Site Request Forgery Vulnerability
No description provided by source...
CVE-2013-1641
Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems parameter in a download_selected action to index.php...
Directory traversal
Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems parameter in a download_selected action to index.php...
CVE-2013-1641
Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems parameter in a download_selected action to index.php...
CVE-2013-1641
Summary (CVE-2013-1641) : QuiXplorer before 2.5.5 is vulnerable to a directory traversal in the zip download functionality. An attacker can read arbitrary files by injecting a ".." sequence into the selitems[] parameter of a download_selected action to index.php. This exposes sensitive files on t...
TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit
No description provided by source. TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit. author: EgiX, mail: n0b0d13satgmaildotcom, link:...
QuiXplorer 'index.php' Arbitrary File Upload Vulnerability
QuiXplorer is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and run it in the context of the webserver process. QuiXplorer 2.3 is vulnerable; other versions may...