15 matches found
EUVD-2019-9293
Malware in sbrugna...
EUVD-2019-9295
Malware in sbrugna...
CVE-2019-19683
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs...
CVE-2019-19685
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions...
nopCommerce Path Traversal Vulnerability
nopCommerce is an open source e-commerce shopping cart software. Roxy Fileman is a free open source file browser for .NET and PHP that can be integrated into the CKEditor and TinyMCE WYSIWYG HTML editors. Roxy Fileman as used in nopCommerce 4.2.0 suffers from a ../ path traversal vulnerability that can be...
CVE-2019-19683
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs...
CVE-2019-19683
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs...
CVE-2019-19685
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions...
CVE-2019-19685
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions...
Design/Logic Flaw
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions...
Path traversal
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs...
CVE-2019-19685
CVE-2019-19685 concerns a CSRF flaw in RoxyFileman shipped with nopCommerce v4.2.0. The issue arises because GET requests can perform state-changing actions (renames and deletions), enabling an attacker to induce unintended requests from an authenticated user. The affected component is RoxyFilema...
CVE-2019-19685
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions...
CVE-2019-19683
CVE-2019-19683 affects nopCommerce v4.2.0 when using RoxyFileman. The issue is a path traversal vulnerability: an attacker can exploit ../ traversal via d or f to reach Admin/RoxyFileman/ProcessRequest due to the implementation in Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs...
CVE-2019-19683
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs...