RSS   Vulnerabilities for 'Roxy fileman'   RSS

2019-12-16
 
CVE-2019-19731

CWE-22
 

 
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder (because an incomplete blacklist of file extensions allows Windows shortcut files to be uploaded).

 
2019-04-09
 
CVE-2019-7174

CWE-20
 

 
Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations.

 
2019-03-21
 
CVE-2018-20526

CWE-434
 

 
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.

 
 
CVE-2018-20525

CWE-22
 

 
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.

 
2018-06-07
 
CVE-2018-12042

CWE-22
 

 
Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top