Page 2 of 11 results (0.014 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML. Se ha descubierto un problema en dialog.php en tecrail Responsive FileManager 9.8.1. Una vulnerabilidad Cross-Site Scripting (XSS) reflejado permite que atacantes remotos inyecten scripts web o HTLM arbitrarios. Responsive Filemanager version 9.8.1 suffers from a cross site scripting vulnerability. • https://seclists.org/bugtraq/2018/Oct/26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files. Se ha descubierto un problema en dialog.php en tecrail Responsive FileManager 9.8.1. Los atacantes pueden acceder a la interfaz del gestor de archivos que les otorga la capacidad de subir y eliminar archivos. Responsive Filemanager version 9.8.1 suffers from an authentication bypass vulnerability. • https://seclists.org/bugtraq/2018/Oct/25 • CWE-287: Improper Authentication •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 2

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal. /filemanager/ajax_calls.php en tecrail Responsive FileManager en versiones anteriores a la 9.13.4 no valida correctamente las rutas de archivo en los archivos, lo que permite la extracción de archivos manipulados para sobrescribir archivos arbitrarios mediante una acción "extract". Esto también se conoce como salto de directorio. Responsive FileManager version 9.13.4 suffers from multiple path traversal vulnerabilities. • https://www.exploit-db.com/exploits/45271 http://seclists.org/fulldisclosure/2018/Aug/34 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 96%CPEs: 1EXPL: 2

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. /filemanager/ajax_calls.php en tecrail Responsive FileManager en versiones anteriores a la 9.13.4 emplea entradas externas para construir un nombre de ruta que debería estar en un directorio restringido, pero no neutraliza correctamente las secuencias get_file como ".." que pueden resolverse en una ubicación fuera de ese directorio. Esto también se conoce como salto de directorio. Responsive FileManager version 9.13.4 suffers from multiple path traversal vulnerabilities. • https://www.exploit-db.com/exploits/45271 http://seclists.org/fulldisclosure/2018/Aug/34 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value. /filemanager/upload.php en Responsive FileManager en versiones anteriores a la 9.13.3 permite un salto de directorio y SSRF porque el parámetro url se usa directamente en una llamada curl_exec, tal y como queda demostrado con un valor en file:///etc/passwd. • http://seclists.org/fulldisclosure/2018/Aug/9 https://github.com/trippo/ResponsiveFilemanager/blob/master/changelog.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •