CVE-2018-20789
Product : tecrail Responsive FileManager 9.13.4. Vulnerability : path traversal mitigation bypass in the delete_folder action of execute.php, allowing a remote attacker to delete an arbitrary directory. Root cause : bypasses a path traversal check. Impact : arbitrary directory deletion as stated....
tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12901)
tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in the 'createfile' function of the execute.php file in version...
tecrail Responsive FileManager Cross-Site Scripting Vulnerability
tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A cross-site scripting vulnerability exists in version 9.13.4 of tecrail Responsive FileManager. A remot...
tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12902)
tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in the 'saveimg' function of the ajaxcalls.php file in version...
tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12903)
tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in tecrail Responsive FileManager version 9.13.4. A remote attacke...
tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12900)
tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in the 'getfile' function of the ajaxcalls.php file in version...
tecrail Responsive FileManager Arbitrary Directory Deletion Vulnerability
tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A security vulnerability exists in the 'delete_folder' function of the execute.php file in version 9.13.4...
Design/Logic Flaw
PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection...
CVE-2019-8361
The CVE-2019-8361 vulnerability affects PHP Scripts Mall’s Responsive Video News Script, where an XSS flaw in the Search Bar could enable HTML injection or URL redirection. Public details describe the vulnerability but do not provide exploit code, affected versions, or explicit remediation in the...
Slims CMS Senayan Library Management System 7.0 Shell Upload
Exploit Title : Slims CMS Senayan Library Management System 7.0 Arbitrary File Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Team Date : 13/02/2019 Vendor Homepage : slims.web.id Software Download Link : github.com/slims/...
Joomla LightGallery 1.2.1 SQL Injection
Exploit Title : Joomla LightGallery Components 1.2.1 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 14/02/2019 Vendor Homepage : joompolitan.com Software Download Link : joompolitan.com/lightgallery.html...
WordPress Plugin TimeTable Responsive Schedule Information Disclosure Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in the WordPress plugin TimeTable Responsive Schedule. An attacker can exploit...
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
Responsive FileManager 9.13.4 - Multiple Vulnerabilities Date: December 12, 2018 Author: farisv Vendor Homepage: https://www.responsivefilemanager.com/ Vulnerable Package Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.4/responsivefilemanager.zip Responsive FileManag...
WordPress TimeTable Responsive Schedule 5.4 Database Disclosure
Exploit Title : WordPress TimeTable Responsive Schedule Plugins 5.4 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : wordpress.org codecanyon.net Software Download Link :...
Joomla Component Responsive eXtro jQuery Gallery 'filter_category' parameter SQL injection vulnerability
eXtro Responsive Gallery creates fully responsive galleries based on images stored in the server catalog. The module also creates optimized preview images based on settings. A SQL injection vulnerability exists in the 'filter_category' parameter in Joomla Component Responsive eXtro jQuery Gallery...
School ERP Pro+Responsive 1.0 Arbitrary File Download
Exploit Title: School ERP Pro+Responsive 1.0 - Arbitrary File Download Dork: N/A Date: 2018-10-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.arox.in/ Software Link: https://sourceforge.net/projects/school-management-system-php/files/latest/download Software Link: http://erp.arox.in/...
School ERP Pro+Responsive 1.0 - fid SQL Injection
School ERP Pro+Responsive 1.0 - fid SQL Injection Exploit Title: School ERP Pro+Responsive 1.0 - 'fid' SQL Injection Dork: N/A Date: 2018-10-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.arox.in/ Software Link:...
School ERP Pro+Responsive 1.0 - Arbitrary File Download
School ERP Pro+Responsive 1.0 - Arbitrary File Download Exploit Title: School ERP Pro+Responsive 1.0 - Arbitrary File Download Dork: N/A Date: 2018-10-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.arox.in/ Software Link:...
School ERP Pro+Responsive 1.0 SQL Injection
Exploit Title: School ERP Pro+Responsive 1.0 - 'fid' SQL Injection Dork: N/A Date: 2018-10-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.arox.in/ Software Link: https://sourceforge.net/projects/school-management-system-php/files/latest/download Software Link: http://erp.arox.in/...