Bugada Andrea: Php Advanced Transfer Manager

10 matches found

CVE
added 2005/09/20 4:0 a.m. | 49 views

CVE-2005-3000

CVE-2005-3000 affects PHP Advanced Transfer Manager 1.30, with XSS vulnerabilities in viewers/txt.php. The vulnerability allows remote attackers to inject arbitrary script/HTML via the font, normalfontcolor, or mess[31] parameters, potentially affecting users who load the affected page. Root caus...

CVSS 4.3 | AI score 6.1 | EPSS 0.00992
Web
CVE
added 2006/03/14 1:0 a.m. | 49 views

CVE-2006-1209

The CVE concerns PHP Advanced Transfer Manager (versions 1.00–1.30). The root cause is insufficient access control that stores sensitive data (including password hashes) under the web root. This enables remote attackers to retrieve password hashes by directly requesting a users/[USERNAME] file. C...

CVSS 5 | AI score 6.9 | EPSS 0.03315
Web
CVE
added 2006/09/06 10:0 p.m. | 49 views

CVE-2006-4594

Affected product/versions: PHP Advanced Transfer Manager (phpATM) 1.21 and earlier. Vulnerability: Multiple remote PHP file inclusion via the include_location parameter in (1) confirm.php and (2) login.php, allowing remote code execution. The index.php vector is already covered by CVE-2005-1681. ...

CVSS 7.5 | AI score 7.7 | EPSS 0.02425
CVE
added 2005/09/20 4:0 a.m. | 48 views

CVE-2005-2997

CVE-2005-2997 affects PHP Advanced Transfer Manager 1.30. The vulnerability is a directory traversal flaw allowing remote attackers to read arbitrary files via .. sequences in the following parameters: currentdir to txt.php, current_dir to htm.php, or current_dir to html.php. This results in pote...

CVSS 5 | AI score 7.4 | EPSS 0.01549
CVE
added 2006/09/13 10:0 p.m. | 48 views

CVE-2006-4749

CVE-2006-4749 describes multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 and earlier. The flaw allows remote attackers to execute arbitrary PHP code via the include_location parameter in files including activate.php, configure.php, fileop.php, geti...

CVSS 7.5 | AI score 7.6 | EPSS 0.02132
CVE
added 2005/09/20 4:0 a.m. | 45 views

CVE-2005-2998

CVE-2005-2998 affects PHP Advanced Transfer Manager 1.30. The vulnerability involves a default administrator password that allows remote attackers to upload and execute arbitrary PHP files. Impact is described overall as partial confidentiality, integrity, and availability. No explicit remediatio...

CVSS 7.5 | AI score 8 | EPSS 0.01449
CVE
added 2005/09/20 4:0 a.m. | 45 views

CVE-2005-2999

Technical details about CVE-2005-2999 are not publicly provided in the supplied documents. Monitor for updates from official advisories for affected products, impact, and remediation.

CVSS 5 | AI score 6.7 | EPSS 0.01181
CVE
added 2005/05/16 4:0 a.m. | 43 views

CVE-2005-1604

CVE-2005-1604 affects PHP Advanced Transfer Manager (phpATM) 1.21. The vulnerability allows remote attackers to upload arbitrary files by crafting a filename with multiple extensions (e.g., ending in php.ns), enabling execution of arbitrary PHP code on the server. Connected sources corroborate a ...

CVSS 7.5 | AI score 7.1 | EPSS 0.05097
CVE
added 2005/05/25 4:0 a.m. | 41 views

CVE-2005-1681

CVE-2005-1681 affects phpATM 1.21 (and possibly earlier) where a PHP remote file inclusion flaw in common.php allows an attacker to execute arbitrary PHP code via a URL in the include_location parameter to index.php. The vulnerability (root cause: include_location-driven RFI in index.php) enables...

CVSS 7.5 | AI score 7.7 | EPSS 0.06562
CVE
added 2007/05/14 11:0 p.m. | 40 views

CVE-2007-2659

CVE-2007-2659 describes a directory traversal vulnerability in PHP Advanced Transfer Manager (phpATM) v1.30. The flaw is in the index.php file, in the downloadfile action, where an attacker can manipulate the directory parameter using ".." to access arbitrary files, potentially exposing script so...

CVSS 5 | AI score 6.9 | EPSS 0.06697