16 matches found
CVE-2023-53888
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...
CVE-2023-53888
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and...
CVE-2023-53888 Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...
CVE-2023-53888
CVE-2023-53888 affects Zomplog 3.9. An authenticated attacker can upload JavaScript files, rename them to PHP, and trigger arbitrary PHP code execution via the app’s file-manipulation endpoints (saveE and rename actions). The vulnerability originates from the authenticated file manipulation workf...
EUVD-2014-9070
Malware in sbrugna...
EUVD-2019-3185
Malware in sbrugna...
CVE-2019-11513
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action...
CVE-2019-11513
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action...
Design/Logic Flaw
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action...
CVE-2019-11513
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action...
CVE-2019-11513
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action...
CVE-2018-9134
filemanagecontrol.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters...
CVE-2015-2925
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."...
Cross site scripting
Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the shortname parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for mor...
Design/Logic Flaw
Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382...
CVE-2014-9245
Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382...