CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35173
https://notcve.org/view.php?id=CVE-2020-35173
30 Dec 2020 — The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER). La aplicación Amaze File Manager versiones anteriores a 3.4.2 para Android, no restringe apropiadamente intenciones para controlar el servidor FTP (también se conoce como services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER y services.ftpservice.FTPReceiver.ACTION... • https://github.com/TeamAmaze/AmazeFileManager/compare/v3.4.1...v3.4.2 •
CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 24CVE-2020-27955 – Git git-lfs Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-27955
05 Nov 2020 — Git LFS 2.12.0 allows Remote Code Execution. Git LFS versión 2.12.0, permite una ejecución de código remota • https://packetstorm.news/files/id/164180 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-24807
https://notcve.org/view.php?id=CVE-2020-24807
06 Oct 2020 — The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer El paquete socket.io-file hasta versión 2.0.31 para Node.js se basa en la comprobación del lado del cliente de los tipos de archivos, lo que permite a atacantes remotos ejecutar código arbitrario ... • https://github.com/advisories/GHSA-6495-8jvh-f28x • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15779
https://notcve.org/view.php?id=CVE-2020-15779
15 Jul 2020 — A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path. Se detectó un problema de Salto de Ruta en el paquete socket.io-file versiones hasta 2.0.31 para Node.js. El mensaje de socket.io-file::createFile usa path.join con ../ en la opción de nombre, y las opciones uploadDir y rename determinan la ruta • https://github.com/advisories/GHSA-9h4g-27m8-qjrg • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12103
https://notcve.org/view.php?id=CVE-2020-12103
28 Apr 2020 — In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored. En Tiny File Manager 2.4.1 existe una vulnerabilidad en la funcionalidad de copia de respaldo de archivos ajax que permite a los usuarios autenticados crear copias de respaldo de archivos (con extensión .bak) fuera del alcance en el mismo directorio en el que est... • https://cyberaz0r.info/2020/04/tiny-file-manager-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12102
https://notcve.org/view.php?id=CVE-2020-12102
28 Apr 2020 — In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope). En Tiny File Manager versión 2.4.1, hay una vulnerabilidad de Salto de Ruta en la funcionalidad de listado de directorio recursivo de ajax. Esto permite a los usuarios autenticados enumerar directorios y archivos en el sistema de archivos (fuera del alcance de la apli... • https://cyberaz0r.info/2020/04/tiny-file-manager-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-12128
https://notcve.org/view.php?id=CVE-2020-12128
23 Apr 2020 — DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path. DONG JOO CHO File Transfer iFamily versión 2.1 permite salto de directorio relacionado con la ruta ./etc/. • https://www.vulnerability-lab.com/get_content.php?id=2199 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7998
https://notcve.org/view.php?id=CVE-2020-7998
28 Jan 2020 — An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service. Se ha detectado una vulnerabilidad de carga de archivo arbitraria en la aplicación Super File Explorer versión 1.0.1 para iOS. La vulnerabilidad se presenta en la ruta del desarrollador que es accesible y oculta al lado de la ruta root... • https://apps.apple.com/us/app/super-file-explorer-file-viewer-file-manager/id1101973946 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16790 – Remote Code Execution in Tiny File Manager
https://notcve.org/view.php?id=CVE-2019-16790
30 Dec 2019 — In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted. En Tiny File Manager versiones anteriores a la versión 2.3.9, Hay una ejecución de código remota por medio Upload desde URL y Edit/Rename files. Solo los usuarios autenticados están afectados. • https://github.com/prasathmani/tinyfilemanager/commit/9a499734c5084e3c2eb505f100d50baac1793bd8 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2019-18218 – file: heap-based buffer overflow in cdf_read_property_info in cdf.c
https://notcve.org/view.php?id=CVE-2019-18218
21 Oct 2019 — cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). La función cdf_read_property_info en el archivo cdf.c en file versiones hasta 5.37, no restringe el número de elementos CDF_VECTOR, lo que permite un desbordamiento del búfer en la región heap de la memoria (escritura fuera de límites de 4 bytes). Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Clus... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •