CVE-2020-35173
https://notcve.org/view.php?id=CVE-2020-35173
The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER). • https://github.com/TeamAmaze/AmazeFileManager/compare/v3.4.1...v3.4.2 https://github.com/TeamAmaze/AmazeFileManager/pull/1815 https://play.google.com/store/apps/details?id=com.amaze.filemanager&hl=en_US&gl=US
CVE-2020-27955 – Git git-lfs Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-27955
Git LFS 2.12.0 allows Remote Code Execution. • https://github.com/ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955 https://github.com/ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955-Go https://github.com/r00t4dm/CVE-2020-27955 https://github.com/DeeLMind/CVE-2020-27955-LFS https://github.com/HK69s/CVE-2020-27955 https://github.com/NeoDarwin/CVE-2020-27955 https://github.com/FrostsaberX/CVE-2020-27955 https://github.com/IanSmith123/CVE-2020-27955 https://github.com/Arnoldqqq/CVE-2020-27955 https://github.com/nob0dy-3389& • CWE-427: Uncontrolled Search Path Element
CVE-2020-24807
https://notcve.org/view.php?id=CVE-2020-24807
The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://github.com/advisories/GHSA-6495-8jvh-f28x https://github.com/rico345100/socket.io-file https://www.npmjs.com/advisories/1564 https://www.npmjs.com/package/socket.io-file • CWE-20: Improper Input Validation
CVE-2020-15779
https://notcve.org/view.php?id=CVE-2020-15779
A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path. • https://github.com/advisories/GHSA-9h4g-27m8-qjrg https://github.com/rico345100/socket.io-file https://www.npmjs.com/advisories/1519 https://www.npmjs.com/package/socket.io-file • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-12103
https://notcve.org/view.php?id=CVE-2020-12103
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored. • https://cyberaz0r.info/2020/04/tiny-file-manager-multiple-vulnerabilities https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06 https://github.com/prasathmani/tinyfilemanager/issues/357 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')