104 matches found
Cross site scripting
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...
CVE-2018-18062
The CVE-2018-18062 entry concerns tecrail Responsive FileManager 9.8.1, specifically a vulnerability in dialog.php that enables reflected XSS. An attacker can craft a URL to cause the hosting site's context to execute arbitrary script/HTML in a victim’s browser, potentially stealing cookie-based ...
CVE-2018-18061
Summary (CVE-2018-18061): Tecral/Responsive FileManager 9.8.1 exposes an authentication bypass in its dialog.php, allowing remote attackers to access the file-management interface and perform file upload, edit, and delete actions. Concrete PoC references show that a secretkey parameter can bypass...
Responsive Filemanager Authentication Bypass Vulnerability
Responsive FileManager is an open source file manager written in PHP that supports uploading and managing videos, images and other files. An authentication bypass vulnerability exists in Responsive Filemanager version 9.8.1 that allows an attacker to access the file management interface, which...
Responsive Filemanager Cross-Site Scripting Vulnerability
Responsive FileManager is an open source file manager written in PHP that supports uploading and managing videos, images and other files. A cross-site scripting vulnerability exists in Responsive Filemanager version 9.8.1, which can be exploited by a remote attacker to execute script in a victim'...
Responsive Filemanager 9.8.1 Cross Site Scripting
I. VULNERABILITY ------------------------- Responsive Filemanager 9.8.1 Reflected Cross Site Scripting XSS II. CVE REFERENCE ------------------------- CVE-2018-18062 III. VENDOR ------------------------- https://www.responsivefilemanager.com IV. REFERENCES -------------------------...
Responsive Filemanager 9.8.1 Authentication Bypass
I. VULNERABILITY ------------------------- Responsive Filemanager 9.8.1 Authentication Bypass II. CVE REFERENCE ------------------------- CVE-2018-18061 III. VENDOR ------------------------- https://www.responsivefilemanager.com IV. REFERENCES -------------------------...
Responsive FileManager < 9.13.4 - Directory Traversal
Exploit for php platform in category web applications The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following...
Responsive FileManager 9.13.4 - Directory Traversal
Responsive FileManager 9.13.4 - Directory Traversal The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following reque...
tecrail Responsive FileManager Path Traversal Vulnerability
tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail that supports the uploading and management of videos, images and other files. A directory traversal vulnerability exists in the /filemanager/ajaxcalls.php file in versions of tecrail...
CVE-2018-15535
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...
CVE-2018-15536
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...
Directory traversal
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...
CVE-2018-15536
CVE-2018-15536 affects tecrail Responsive FileManager prior to 9.13.4. The /filemanager/ajax_calls.php file does not properly validate file paths in archives, permitting a crafted archive extraction that overwrites arbitrary files (directory traversal). Public disclosures and exploits reference p...
CVE-2018-15535
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...
CVE-2018-15536
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...
Responsive FileManager 9.13.4 Path Traversal
The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following request allows a user to read any file on the system. GET...
CVE-2018-15495
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curlexec call, as demonstrated by a file:///etc/passwd value...
CVE-2018-15495
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curlexec call, as demonstrated by a file:///etc/passwd value...
CVE-2018-15495
CVE-2018-15495 affects Responsive FileManager prior to 9.13.3. The vulnerability allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, demonstrated by file:///etc/passwd. Several connected records (OSV and related entries) note that a fix existed but ...