RSS   Vulnerabilities for 'Dm filemanager'   RSS

2009-07-09
 
CVE-2009-2399

 

 
PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.

 
2009-06-09
 
CVE-2009-2025

CWE-264
 

 
admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.

 
2009-05-20
 
CVE-2009-1741

CWE-89
 

 
Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.

 

 >>> Vendor: Dutchmonkey 2 Products
Dm filemanager
Dm album


Copyright 2024, cxsecurity.com

 

Back to Top