Roxy Fileman 1.4.5 - Unrestricted File Upload

Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. id: CVE-2018-20526 info: name: Roxy Fileman 1.4.5 -...

EUVD-2019-16718

Malware in sbrugna...

EUVD-2018-4025

Malware in sbrugna...

EUVD-2022-44063

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2018-20526

Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php...

CVE-2022-40797

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDENUPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...

CVE-2018-20525

Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php...

CVE-2018-12042

Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter...

CVE-2018-20526

Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php...

Roxy Fileman 1.4.5 - Arbitrary File Upload

Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Upload Date: 09/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on: Window...

Roxy Fileman 1.4.5 - Arbitrary File Upload Vulnerability

Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Upload Exploit Author: Zer0FauLT email protected Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on: Windows 10 and Windows Server...

Roxy Fileman 1.4.6 Remote Shell Upload Exploit

Exploit Title: Roxy Fileman Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20210126213412/https://roxyfileman.com/download.php?f=1.4.6-php Version: \t\n' banner += '\t\t\t\t\t\t\n' banner += '\n' parser = OptionParser parser.addoption"-u", "--url", dest="url", help="u...

Roxy Fileman 1.4.6 Remote Shell Upload

Exploit Title: Roxy Fileman Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20210126213412/https://roxyfileman.com/download.php?f=1.4.6-php Version: \t\n' banner += '\t\t\t\t\t\t\n' banner += '\n' parser = OptionParser parser.addoption"-u", "--url", dest="url", help="u...

CVE-2022-40797

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDENUPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...

CVE-2022-40797

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDENUPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...

Design/Logic Flaw

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDENUPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...

CVE-2022-40797

CVE-2022-40797 affects Roxy Fileman 1.4.6. The vulnerability is a remote code execution via uploading a .phar file, because conf.json’s FORBIDDEN_UPLOADS setting only blocks .php, .php4, and .php5. In some web-server configurations visiting a .phar file can execute the PHP interpreter, enabling a...

CVE-2022-40797

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDENUPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...

CVE-2022-40797

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDENUPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...

PT-2022-25541 · Unknown · Roxy Fileman

Name of the Vulnerable Software and Affected Versions: Roxy Fileman version 1.4.6 Description: The issue allows Remote Code Execution via a .phar upload. This is because the default FORBIDDEN UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. In some web-server configurations,...