RSS   Vulnerabilities for 'Web file explorer'   RSS

2009-05-01
 
CVE-2009-1495

CWE-264
 

 
Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb.

 
2009-04-17
 
CVE-2009-1323

CWE-89
 

 
SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

 
2009-04-16
 
CVE-2009-1314

CWE-noinfo
 

 
body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.

 


Copyright 2024, cxsecurity.com

 

Back to Top