RSS   Podatności dla 'Extplorer'   RSS

2018-10-07
 
CVE-2012-6710

CWE-287
 
 
ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.

 
2017-08-09
 
CVE-2017-12756

 
 
Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter.

 
2017-04-24
 
CVE-2016-4313

CWE-22
 
 
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.

 
2015-10-15
 
CVE-2015-5660

 
 
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

 
2015-03-18
 
CVE-2015-0896

 
 
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
2014-03-25
 
CVE-2013-5951

 
 
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_move.php, (4) functions.php, (5) header.php, or (6) upload.php in include/.

 
2012-08-07
 
CVE-2012-3454

CWE-264
 
 
eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files.

 
2012-07-12
 
CVE-2012-3362

CWE-352
 
 
Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action.

 

 >>> Vendor: Extplorer 2 Produkty
Com extplorer
Extplorer

Copyright 2024, cxsecurity.com

 

Back to Top