80 matches found
CVE-2018-18867
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495...
CVE-2018-18867
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495...
CVE-2018-18867
CVE-2018-18867 is an SSRF vulnerability in tecrail Responsive FileManager (version 9.13.4) exploitable via the upload.php url parameter. This issue is noted to stem from an incomplete fix for CVE-2018-15495, which itself allowed Directory Traversal and SSRF because the url parameter was used dire...
CVE-2018-18867
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495...
CVE-2018-18062
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...
CVE-2018-18062
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...
CVE-2018-18061
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files...
Cross site scripting
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...
CVE-2018-18062
The CVE-2018-18062 entry concerns tecrail Responsive FileManager 9.8.1, specifically a vulnerability in dialog.php that enables reflected XSS. An attacker can craft a URL to cause the hosting site's context to execute arbitrary script/HTML in a victim’s browser, potentially stealing cookie-based ...
CVE-2018-18061
Summary (CVE-2018-18061): Tecral/Responsive FileManager 9.8.1 exposes an authentication bypass in its dialog.php, allowing remote attackers to access the file-management interface and perform file upload, edit, and delete actions. Concrete PoC references show that a secretkey parameter can bypass...
tecrail Responsive FileManager Path Traversal Vulnerability
tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail that supports the uploading and management of videos, images and other files. A directory traversal vulnerability exists in the /filemanager/ajaxcalls.php file in versions of tecrail...
tecrail Responsive FileManager Arbitrary File Overwrite Vulnerability
tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail that supports the uploading and management of videos, images and other files. An arbitrary file overwrite vulnerability exists in the /filemanager/ajaxcalls.php file in versions of tecrail...
CVE-2018-15536
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...
CVE-2018-15536
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...
CVE-2018-15535
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...
CVE-2018-15535
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...
Directory traversal
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...
CVE-2018-15536
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...
CVE-2018-15535
/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...
CVE-2018-15536
CVE-2018-15536 affects tecrail Responsive FileManager prior to 9.13.4. The /filemanager/ajax_calls.php file does not properly validate file paths in archives, permitting a crafted archive extraction that overwrites arbitrary files (directory traversal). Public disclosures and exploits reference p...