CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files. Responsive Filemanager version 9.8.1 suffers from an authentication bypass vulnerability. • https://seclists.org/bugtraq/2018/Oct/25 • CWE-287: Improper Authentication

CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal. Responsive FileManager version 9.13.4 suffers from multiple path traversal vulnerabilities. • https://www.exploit-db.com/exploits/45271 • http://seclists.org/fulldisclosure/2018/Aug/34 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 96% • CPEs: 1 • EXPL: 2

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. Responsive FileManager version 9.13.4 suffers from multiple path traversal vulnerabilities. • https://www.exploit-db.com/exploits/45271 • http://seclists.org/fulldisclosure/2018/Aug/34 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value. • http://seclists.org/fulldisclosure/2018/Aug/9 • https://github.com/trippo/ResponsiveFilemanager/blob/master/changelog.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 96% • CPEs: 1 • EXPL: 2

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. Responsive Filemanager version 9.13.1 suffers from a server-side request forgery vulnerability. • https://www.exploit-db.com/exploits/45103 • http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html • CWE-918: Server-Side Request Forgery (SSRF)