CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12102
https://notcve.org/view.php?id=CVE-2020-12102
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope). En Tiny File Manager versión 2.4.1, hay una vulnerabilidad de Salto de Ruta en la funcionalidad de listado de directorio recursivo de ajax. Esto permite a los usuarios autenticados enumerar directorios y archivos en el sistema de archivos (fuera del alcance de la aplicación). • https://cyberaz0r.info/2020/04/tiny-file-manager-multiple-vulnerabilities https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06 https://github.com/prasathmani/tinyfilemanager/issues/357 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-12128
https://notcve.org/view.php?id=CVE-2020-12128
DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path. DONG JOO CHO File Transfer iFamily versión 2.1 permite salto de directorio relacionado con la ruta ./etc/. • https://www.vulnerability-lab.com/get_content.php?id=2199 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7998
https://notcve.org/view.php?id=CVE-2020-7998
An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service. Se ha detectado una vulnerabilidad de carga de archivo arbitraria en la aplicación Super File Explorer versión 1.0.1 para iOS. La vulnerabilidad se presenta en la ruta del desarrollador que es accesible y oculta al lado de la ruta root. • https://apps.apple.com/us/app/super-file-explorer-file-viewer-file-manager/id1101973946 https://gist.github.com/adeshkolte/9e60b2483d2f20d1951beac0fc917c6f • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16790 – Remote Code Execution in Tiny File Manager
https://notcve.org/view.php?id=CVE-2019-16790
In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted. En Tiny File Manager versiones anteriores a la versión 2.3.9, Hay una ejecución de código remota por medio Upload desde URL y Edit/Rename files. Solo los usuarios autenticados están afectados. • https://github.com/prasathmani/tinyfilemanager/commit/9a499734c5084e3c2eb505f100d50baac1793bd8 https://github.com/prasathmani/tinyfilemanager/security/advisories/GHSA-w72h-v37j-rrwr • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2019-18218 – file: heap-based buffer overflow in cdf_read_property_info in cdf.c
https://notcve.org/view.php?id=CVE-2019-18218
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). La función cdf_read_property_info en el archivo cdf.c en file versiones hasta 5.37, no restringe el número de elementos CDF_VECTOR, lo que permite un desbordamiento del búfer en la región heap de la memoria (escritura fuera de límites de 4 bytes). • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780 https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ https://lists.fedoraproject.org/archives/list/p • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •