CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-35505
https://notcve.org/view.php?id=CVE-2021-35505
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. Afian FileRun versión 2021.03.26 permite una Ejecución de Código Remota (por parte de los administradores) por medio del valor de Check Path para el binario magick • http://blog.filerun.com https://syntegris-sec.github.io/filerun-advisory • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-35504
https://notcve.org/view.php?id=CVE-2021-35504
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. Afian FileRun versión 2021.03.26, permite una Ejecución de Código Remota (por administradores) por medio del valor de Check Path para el binario ffmpeg • http://blog.filerun.com https://syntegris-sec.github.io/filerun-advisory • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-35503
https://notcve.org/view.php?id=CVE-2021-35503
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. Afian FileRun versión 2021.03.26, permite un ataque de tipo XSS almacenado por medio de un encabezado HTTP X-Forwarded-For que es manejado inapropiadamente cuando se muestran los Registros de Actividad • http://blog.filerun.com https://syntegris-sec.github.io/filerun-advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2019-12905 – FileRun 2019.05.21 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-12905
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. This issue has been fixed in FileRun 2019.06.01. FileRun 21.05.2019 permite Cross-Site Scripting (XSS) mediante el filename en el URI module=fileman§ion=do&page=up. Este problema se ha solucionado en FileRun 01.06.2019. • https://www.exploit-db.com/exploits/48607 http://packetstormsecurity.com/files/158173/FileRun-2019.05.21-Cross-Site-Scripting.html https://github.com/EmreOvunc/FileRun-Vulnerabilities https://github.com/EmreOvunc/FileRun-Vulnerabilities/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2019-12459
https://notcve.org/view.php?id=CVE-2019-12459
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01. FileRun hasta el 21-05-2019, permite lista de directorios (Directory Listing) de customizables/plugins/audio_player. Este problema se ha solucionado en FileRun 01.06.2019. • https://emreovunc.com/blog/en/FileRun-DirectoryListing-3.png https://filerun.com/changelog https://github.com/EmreOvunc/FileRun-Vulnerabilities https://github.com/EmreOvunc/FileRun-Vulnerabilities/issues/3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •