Lucene search
K

106 matches found

Prion
Prion
added 2020/02/10 1:15 p.m.16 views

Sql injection

paymentmanage.ajax.php and various manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL...

6.8CVSS7.3AI score0.01089EPSS
Exploits2References4Affected Software1
Prion
Prion
added 2020/02/10 1:15 p.m.17 views

Default credentials

MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash the hash never expires until used...

5CVSS9.4AI score0.01569EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/02/10 12:20 p.m.52 views

CVE-2019-20060

The CVE-2019-20060 issue affects MFScripts YetiShare, specifically versions 3.5.2 through 4.5.4. The root cause is that sensitive information is placed in the Referer header, which can be leaked to third parties. This exposure can reveal password-reset hashes, file-delete links, and other sensiti...

7.5CVSS7.4AI score0.01446EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/02/10 12:20 p.m.34 views

CVE-2019-20060

MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information...

7.5AI score0.01446EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/02/10 12:19 p.m.29 views

CVE-2019-20061

The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the system-picked password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password...

7.5AI score0.009EPSS
Exploits0References3
CVE
CVE
added 2020/02/10 12:19 p.m.55 views

CVE-2019-20061

The CVE describes a vulnerability in MFScripts YetiShare (versions 3.5.2–4.5.4) where the user introduction email may disclose the system-generated initial password if sent in cleartext. Root cause: the initial password is not user-chosen, and sending it in plaintext enables leakage. Impact noted...

7.5CVSS7.5AI score0.009EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/02/10 12:17 p.m.23 views

CVE-2019-20062

MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash the hash never expires until used...

9.5AI score0.01569EPSS
Exploits0References3
CVE
CVE
added 2020/02/10 12:17 p.m.73 views

CVE-2019-20062

The CVE-2019-20062 vulnerability affects MFScripts YetiShare versions 3.5.2 through 4.5.4, where an attacker can reset a user password by leveraging a leaked hash that does not expire until used. The available connected documents (Red Hat advisory and NVD listing) confirm the affected product ran...

9.8CVSS9.3AI score0.01569EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/02/10 12:13 p.m.55 views

CVE-2019-20059

CVE-2019-20059 affects MFScripts YetiShare versions 3.5.2 through 4.5.4. The vulnerability arises because payment_manage.ajax.php and various *_manage.ajax.php directly insert values from the sSortDir_0 parameter into a SQL string, enabling SQL injection and potential data extraction. This issue ...

8.8CVSS7.3AI score0.00937EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2020/02/10 12:13 p.m.18 views

CVE-2019-20059

paymentmanage.ajax.php and various manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL...

7.7AI score0.00937EPSS
Exploits1References4
CNVD
CNVD
added 2019/12/31 12:0 a.m.3 views

MFScripts YetiShare SQL Injection Vulnerability

Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A SQL injection vulnerability exists in the translationmanagetext.ajax.php and multiple manage.ajax.php files in Mellow Fish YetiShare versions 3.5.2 through 4.5.3. The vulnerability stems from a lack of...

7.2CVSS8.2AI score0.01089EPSS
Exploits1References1
CNVD
CNVD
added 2019/12/31 12:0 a.m.4 views

Unspecified Vulnerability in Mellow Fish YetiShare

Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A security vulnerability exists in the accountforgotpassword.ajax.php file in Mellow Fish YetiShare versions 3.5.2 through 4.5.3. An attacker can exploit the vulnerability to enumerate user accounts by guessi...

5.3CVSS6.8AI score0.00993EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/31 12:0 a.m.3 views

Mellow Fish YetiShare SQL Injection Vulnerability

Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A SQL injection vulnerability exists in the accountmovefileinfolder.ajax.php file in Mellow Fish YetiShare version 3.5.2. The vulnerability stems from a database-based application that lacks validation of...

8.8CVSS8.2AI score0.01104EPSS
Exploits1References1
CNVD
CNVD
added 2019/12/31 12:0 a.m.2 views

Mellow Fish YetiShare Cross-Site Scripting Vulnerability

Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A security vulnerability exists in Mellow Fish YetiShare versions 3.5.2 through 4.5.3, which stems from the program not setting the HttpOnly flag on session cookies. An attacker can exploit the vulnerability ...

6.1CVSS6.8AI score0.00608EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/31 12:0 a.m.3 views

Mellow Fish YetiShare Information Disclosure Vulnerability (CNVD-2020-04700)

Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. An information disclosure vulnerability exists in Mellow Fish YetiShare versions 3.5.2 through 4.5.3, which stems from the program failing to set the Secure flag on session cookies, and can be exploited by an...

7.5CVSS6.3AI score0.00666EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/31 12:0 a.m.3 views

Mellow Fish YetiShare Information Disclosure Vulnerability

Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A security vulnerability exists in the accountforgotpassword.ajax.php file in Mellow Fish YetiShare versions 3.5.2 through 4.5.3. An attacker can exploit the vulnerability to enumerate user accounts by guessi...

5.3CVSS6.8AI score0.00993EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/31 12:0 a.m.5 views

Unspecified Vulnerability in Mellow Fish YetiShare (CNVD-2020-00226)

Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A security vulnerability exists in the class.userpeer.php file in Mellow Fish YetiShare versions 3.5.2 through 4.5.3, which stems from the program using an insecure method to create a password reset hash. An...

9.1CVSS7AI score0.00767EPSS
Exploits1References1
CNVD
CNVD
added 2019/12/31 12:0 a.m.2 views

Mellow Fish YetiShare Cross-Site Request Forgery Vulnerability

Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A security vulnerability exists in Mellow Fish YetiShare versions 3.5.2 through 4.5.3, which stems from the program not setting the SameSite flag on session cookies. An attacker can exploit this vulnerability...

8.8CVSS6.8AI score0.00452EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/31 12:0 a.m.4 views

MFScripts YetiShare Cross-Site Scripting Vulnerability

Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A cross-site scripting vulnerability exists in the getallfileserverpaths.ajax.php file in Mellow Fish YetiShare versions 3.5.2 through 4.5.3. The vulnerability stems from a lack of proper validation of...

6.1CVSS6.4AI score0.0071EPSS
Exploits1References1
NVD
NVD
added 2019/12/30 6:15 p.m.22 views

CVE-2019-19805

accountforgotpassword.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses...

5.3CVSS5.2AI score0.00993EPSS
Exploits0References1
Rows per page
Query Builder