Php Advanced Transfer Manager Security Vulnerabilities and Issues — Php Advanced Transfer Manager CVE List

Lucene search

Bugada AndreaPhp Advanced Transfer Manager

10 matches found

CVE•added 2005/09/20 10:3 p.m.•39 views

CVE-2005-3000

Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters.

4.3CVSS6.1AI score0.00351EPSS

CVE•added 2005/09/20 10:3 p.m.•38 views

CVE-2005-2997

Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitrary files via ".." sequences in (1) the currentdir parameter to txt.php, or the current_dir parameter to (2) htm.php or (3) html.php.

5CVSS7.4AI score0.00248EPSS

CVE•added 2006/03/14 1:6 a.m.•38 views

CVE-2006-1209

PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.

5CVSS6.9AI score0.08486EPSS

CVE•added 2006/09/06 10:4 p.m.•37 views

CVE-2006-4594

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is al...

7.5CVSS7.7AI score0.03079EPSS

CVE•added 2005/09/20 10:3 p.m.•35 views

CVE-2005-2998

PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files.

7.5CVSS8AI score0.00763EPSS

CVE•added 2005/05/16 4:0 a.m.•34 views

CVE-2005-1604

PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code.

7.5CVSS7.1AI score0.07806EPSS

CVE•added 2005/09/20 10:3 p.m.•34 views

CVE-2005-2999

PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain sensitive PHP configuration information via a direct request to test.php.

5CVSS6.7AI score0.00346EPSS

CVE•added 2006/09/13 10:7 p.m.•32 views

CVE-2006-4749

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) ...

7.5CVSS7.6AI score0.03079EPSS

CVE•added 2005/05/25 4:0 a.m.•29 views

CVE-2005-1681

PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php.

7.5CVSS7.7AI score0.025EPSS

CVE•added 2007/05/14 11:19 p.m.•28 views

CVE-2007-2659

Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the directory parameter in a downloadfile action.

5CVSS6.9AI score0.03874EPSS