Page 4 of 136 results (0.008 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en N-Media Frontend File Manager. Este problema afecta a Frontend File Manager: desde n/a hasta 22.7. The Frontend File Manager Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 22.7 via the user upload functionality. This makes it possible for unauthenticated attackers to access user-uploaded files. • https://patchstack.com/database/vulnerability/nmedia-user-file-uploader/wordpress-frontend-file-manager-plugin-plugin-22-7-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://0day.today/exploit/39249 https://vuldb.com/?ctiid.251559 https://vuldb.com/?id.251559 • CWE-404: Improper Resource Shutdown or Release •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

A vulnerability classified as problematic was found in EFS Easy File Sharing FTP 2.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://0day.today/exploit/description/39218 https://packetstormsecurity.com/files/176377/Easy-File-Sharing-FTP-Server-2.0-Denial-Of-Service.html https://vuldb.com/?ctiid.251479 https://vuldb.com/?id.251479 https://www.youtube.com/watch?v=Rcl6VWg_bPY • CWE-404: Improper Resource Shutdown or Release •

CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0

The Media File Renamer: Rename Files (Manual, Auto & AI) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.7.7. This makes it possible for authenticated attackers, with administrator access and above, to execute code on the server by renaming files containing PHP code. • CWE-73: External Control of File Name or Path •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1

Missing Authorization vulnerability in Mitchell Bennis Simple File List.This issue affects Simple File List: from n/a through 6.1.9. Vulnerabilidad de falta de autorización en Mitchell Bennis Simple File List. Este problema afecta a Simple File List: desde n/a hasta 6.1.9. The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including, 6.1.9. This is due to insufficient controls on files passed to a deletion function. • https://github.com/codeb0ss/CVE-2023-44227-PoC https://patchstack.com/database/vulnerability/simple-file-list/wordpress-simple-file-list-plugin-6-1-8-arbitrary-file-deletion?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-862: Missing Authorization •