CVE-2019-25098 – soerennb eXtplorer Archive archive.php path traversal
https://notcve.org/view.php?id=CVE-2019-25098
A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 addresses this issue.
• https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46
• https://github.com/soerennb/extplorer/releases/tag/v2.1.13
• https://vuldb.com/?ctiid.217437
• https://vuldb.com/?id.217437
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-25097 – soerennb eXtplorer Directory Content path traversal
https://notcve.org/view.php?id=CVE-2019-25097
A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical. Affected by this issue is some unknown functionality of the component Directory Content Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 addresses this issue. The name of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46.
• https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46
• https://github.com/soerennb/extplorer/releases/tag/v2.1.13
• https://vuldb.com/?ctiid.217436
• https://vuldb.com/?id.217436
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-25096 – soerennb eXtplorer cross site scripting
https://notcve.org/view.php?id=CVE-2019-25096
A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 addresses this issue.
• https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46
• https://github.com/soerennb/extplorer/releases/tag/v2.1.13
• https://vuldb.com/?ctiid.217435
• https://vuldb.com/?id.217435
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-12756
https://notcve.org/view.php?id=CVE-2017-12756
Command injection in the transfer from another server feature in eXtplorer 2.1.9 and prior allows an attacker to inject commands via the userfile[0] parameter.
• http://extplorer.net/news/21
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-4313 – eXtplorer 2.1.9 - '.ZIP' Directory Traversal
https://notcve.org/view.php?id=CVE-2016-4313
Directory traversal vulnerability in the unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file. eXtplorer version 2.1.9 suffers from a traversal vulnerability.
• https://www.exploit-db.com/exploits/39816
• http://hyp3rlinx.altervista.org/advisories/EXTPLORER-ARCHIVE-PATH-TRAVERSAL.txt
• http://packetstormsecurity.com/files/137031/eXtplorer-2.1.9-Path-Traversal.html
• http://www.securityfocus.com/archive/1/538386/100/0/threaded
• http://www.securityfocus.com/bid/98069
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')