The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
6.1CVSS
6.4AI Score
0.0004EPSS
The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported.....
7.8CVSS
7.9AI Score
0.009EPSS
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are...
7.7CVSS
7.3AI Score
0.001EPSS
A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument search/order/download/mode leads to cross site scripting. The attack can be launched remotely. The...
5.4CVSS
5.2AI Score
0.001EPSS
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application...
7.7CVSS
7.3AI Score
0.002EPSS
A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0. This affects an unknown part of the file normal/borrow1.php. The manipulation of the argument id with the input 1">alert(1111) leads to cross site scripting. It is possible to...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /file_manager/admin/save_user.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross...
5.4CVSS
5.2AI Score
0.001EPSS
A vulnerability was found in SourceCodester File Tracker Manager System 1.0. It has been classified as critical. Affected is an unknown function of the file /file_manager/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is...
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability classified as critical was found in SourceCodester File Tracker Manager System 1.0. This vulnerability affects unknown code of the file register/update_password.php of the component POST Parameter Handler. The manipulation of the argument new_password leads to sql injection. The...
9.8CVSS
9.8AI Score
0.002EPSS
A vulnerability classified as problematic was found in EFS Easy File Sharing FTP 2.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public.....
7.5CVSS
7.5AI Score
0.002EPSS
A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to...
7.5CVSS
7.5AI Score
0.0005EPSS
A vulnerability was found in Webile 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP POST Request Handler. The manipulation of the argument new_file_name/c leads to cross site scripting. It is possible to launch the attack remotely. The exploit...
5.4CVSS
5.3AI Score
0.001EPSS
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source...
5.5CVSS
5.7AI Score
0.001EPSS
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible.....
9.9CVSS
8.9AI Score
0.0004EPSS
The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server....
8.8CVSS
8.5AI Score
0.001EPSS
In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted...
6.5CVSS
6AI Score
0.001EPSS
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes....
6.5CVSS
5.9AI Score
0.003EPSS
Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a...
7.2CVSS
7AI Score
0.001EPSS
The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...
5.4CVSS
5.4AI Score
0.0005EPSS
The Simple File Downloader WordPress plugin through 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.4CVSS
5.3AI Score
0.001EPSS
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access...
6.5CVSS
6.5AI Score
0.003EPSS
9.8CVSS
9.4AI Score
0.002EPSS
Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file...
9.8CVSS
9.4AI Score
0.003EPSS
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to...
8.8CVSS
8.6AI Score
0.002EPSS
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds...
7.8CVSS
8AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1...
5.9CVSS
4.8AI Score
0.0005EPSS
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bruno "Aesqe" Babic File Gallery plugin <= 1.8.5.3...
6.5CVSS
5.2AI Score
0.0005EPSS
A cross-site scripting (XSS) vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User...
6.1CVSS
5.8AI Score
0.001EPSS
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known...
7.5CVSS
7.2AI Score
0.002EPSS
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary...
5.3CVSS
5.2AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's...
5.4CVSS
5.4AI Score
0.001EPSS
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file...
6.1CVSS
5.9AI Score
0.001EPSS
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a...
5.5AI Score
0.058EPSS
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF...
8.8AI Score
0.016EPSS
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF...
8.9AI Score
0.007EPSS
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a...
8.9AI Score
0.007EPSS
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE...
5.6AI Score
0.959EPSS
An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS...
5.5CVSS
5.1AI Score
0.001EPSS
An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive...
4.6CVSS
4.9AI Score
0.001EPSS
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg...
6.5CVSS
6.4AI Score
0.001EPSS
A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager"...
9.8CVSS
9.4AI Score
0.002EPSS
HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path...
5.3CVSS
5.4AI Score
0.002EPSS
ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in...
8.8CVSS
8.8AI Score
0.002EPSS
ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function in...
8.8CVSS
8.7AI Score
0.002EPSS
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are...
7.4AI Score
0.001EPSS
The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of...
6.9AI Score
0.004EPSS
The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used...
9.3CVSS
9.3AI Score
0.002EPSS
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in...
6.1CVSS
5.9AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in...
5.4CVSS
5.2AI Score
0.001EPSS
ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and...
7.8CVSS
7.8AI Score
0.001EPSS