15 matches found
EUVD-2019-9295
Malware in sbrugna...
EUVD-2019-9293
Malware in sbrugna...
CVE-2019-19683
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs...
CVE-2019-19685
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions...
nopCommerce Path Traversal Vulnerability
nopCommerce is open source e-commerce shopping cart software. Roxy Fileman is a free, open source file browser for .NET and PHP that can be integrated into the CKEditor and TinyMCE WYSIWYG HTML editors. Roxy Fileman used in nopCommerce 4.2.0 suffers from ../ path traversal vulnerability can be...
CVE-2019-19683
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs...
CVE-2019-19685
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions...
CVE-2019-19685
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions...
CVE-2019-19683
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs...
Path traversal
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs...
Design/Logic Flaw
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions...
CVE-2019-19685
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions...
CVE-2019-19685
CVE-2019-19685 concerns a CSRF flaw in RoxyFileman shipped with nopCommerce v4.2.0. The issue arises because GET requests can perform state-changing actions (renames and deletions), enabling an attacker to induce unintended requests from an authenticated user. The affected component is RoxyFilema...
CVE-2019-19683
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs...
CVE-2019-19683
CVE-2019-19683 affects nopCommerce v4.2.0 when using RoxyFileman. The issue is a path traversal vulnerability: an attacker can exploit ../ traversal via d or f to reach Admin/RoxyFileman/ProcessRequest due to the implementation in Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs...