Lucene search
+L

80 matches found

NVD
NVD
added 2018/10/31 5:29 a.m.25 views

CVE-2018-18867

An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495...

8.6CVSS7.8AI score0.01503EPSS
Exploits1References1
OSV
OSV
added 2018/10/31 5:29 a.m.14 views

CVE-2018-18867

An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495...

8.6CVSS7AI score
Exploits0References1
CVE
CVE
added 2018/10/31 5:0 a.m.43 views

CVE-2018-18867

CVE-2018-18867 is an SSRF vulnerability in tecrail Responsive FileManager (version 9.13.4) exploitable via the upload.php url parameter. This issue is noted to stem from an incomplete fix for CVE-2018-15495, which itself allowed Directory Traversal and SSRF because the url parameter was used dire...

8.6CVSS7.7AI score0.01503EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/10/31 5:0 a.m.28 views

CVE-2018-18867

An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495...

7.9AI score0.01503EPSS
Exploits1References1
OSV
OSV
added 2018/10/10 9:29 p.m.5 views

CVE-2018-18062

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS5.9AI score0.00813EPSS
Exploits3References1
NVD
NVD
added 2018/10/10 9:29 p.m.26 views

CVE-2018-18062

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS6AI score0.00813EPSS
Exploits3References1
NVD
NVD
added 2018/10/10 9:29 p.m.28 views

CVE-2018-18061

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files...

7.5CVSS7.5AI score0.0091EPSS
Exploits3References1
Prion
Prion
added 2018/10/10 9:29 p.m.20 views

Cross site scripting

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...

4.3CVSS6AI score0.00813EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2018/10/10 9:0 p.m.48 views

CVE-2018-18062

The CVE-2018-18062 entry concerns tecrail Responsive FileManager 9.8.1, specifically a vulnerability in dialog.php that enables reflected XSS. An attacker can craft a URL to cause the hosting site's context to execute arbitrary script/HTML in a victim’s browser, potentially stealing cookie-based ...

6.1CVSS5.9AI score0.00813EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2018/10/10 9:0 p.m.57 views

CVE-2018-18061

Summary (CVE-2018-18061): Tecral/Responsive FileManager 9.8.1 exposes an authentication bypass in its dialog.php, allowing remote attackers to access the file-management interface and perform file upload, edit, and delete actions. Concrete PoC references show that a secretkey parameter can bypass...

7.5CVSS7.5AI score0.0091EPSS
Exploits3References1Affected Software1
CNVD
CNVD
added 2018/08/27 12:0 a.m.6 views

tecrail Responsive FileManager Path Traversal Vulnerability

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail that supports the uploading and management of videos, images and other files. A directory traversal vulnerability exists in the /filemanager/ajaxcalls.php file in versions of tecrail...

7.5CVSS6.4AI score0.45242EPSS
Exploits5References1
CNVD
CNVD
added 2018/08/27 12:0 a.m.6 views

tecrail Responsive FileManager Arbitrary File Overwrite Vulnerability

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail that supports the uploading and management of videos, images and other files. An arbitrary file overwrite vulnerability exists in the /filemanager/ajaxcalls.php file in versions of tecrail...

5.8CVSS5.7AI score0.0641EPSS
Exploits5References1
OSV
OSV
added 2018/08/24 7:29 p.m.13 views

CVE-2018-15536

/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...

5.5CVSS6.9AI score
Exploits0References2
NVD
NVD
added 2018/08/24 7:29 p.m.16 views

CVE-2018-15536

/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...

5.8CVSS5.5AI score0.0641EPSS
Exploits5References2
NVD
NVD
added 2018/08/24 7:29 p.m.18 views

CVE-2018-15535

/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...

7.5CVSS7.4AI score0.45242EPSS
Exploits5References2
OSV
OSV
added 2018/08/24 7:29 p.m.18 views

CVE-2018-15535

/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...

7.5CVSS6.6AI score
Exploits0References2
Prion
Prion
added 2018/08/24 7:29 p.m.16 views

Directory traversal

/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...

5CVSS7.3AI score0.45242EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2018/08/24 7:0 p.m.20 views

CVE-2018-15536

/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal...

6.2AI score0.0641EPSS
Exploits5References2
Cvelist
Cvelist
added 2018/08/24 7:0 p.m.20 views

CVE-2018-15535

/filemanager/ajaxcalls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize getfile sequences such as ".." that can resolve to a location that is outside of that directory,...

7.4AI score0.45242EPSS
Exploits5References2
CVE
CVE
added 2018/08/24 7:0 p.m.75 views

CVE-2018-15536

CVE-2018-15536 affects tecrail Responsive FileManager prior to 9.13.4. The /filemanager/ajax_calls.php file does not properly validate file paths in archives, permitting a crafted archive extraction that overwrites arbitrary files (directory traversal). Public disclosures and exploits reference p...

5.8CVSS5.8AI score0.0641EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder