CVE-2018-19040 – Media File Manager <= 1.4.2 - Directory Traversal to Directory Listing
https://notcve.org/view.php?id=CVE-2018-19040
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. The Media File Manager plugin up to and including version 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. • https://www.exploit-db.com/exploits/45809 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-19043 – Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Read
https://notcve.org/view.php?id=CVE-2018-19043
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI. The Media File Manager plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 1.4.2 via the dir parameter. This allows attackers to read the contents of arbitrary files on the server, which can contain sensitive information. • https://www.exploit-db.com/exploits/45809 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-9059 – Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass)
https://notcve.org/view.php?id=CVE-2018-9059
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791. Easy File Sharing Web Server version 7.2 suffers from a buffer overflow vulnerability. • https://www.exploit-db.com/exploits/44522 • https://www.exploit-db.com/exploits/44485 • https://github.com/manojcode/easy-file-share-7.2-exploit-CVE-2018-9059 • http://packetstormsecurity.com/files/147246/Easy-File-Sharing-Web-Server-7.2-Buffer-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17831
https://notcve.org/view.php?id=CVE-2017-17831
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository. • http://blog.recurity-labs.com/2017-08-10/scm-vulns • http://www.securityfocus.com/bid/102926 • https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html • https://github.com/git-lfs/git-lfs/pull/2242 • https://github.com/git-lfs/git-lfs/releases/tag/v2.1.1 • CWE-20: Improper Input Validation
CVE-2017-1000249
https://notcve.org/view.php?id=CVE-2017-1000249
An issue in file(), introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). • http://www.debian.org/security/2017/dsa-3965 • https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793 • https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d • https://security.gentoo.org/glsa/201710-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer