Max CVSS: 10.0 | Min CVSS: 4.3 | Total Count: 5
| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2018-15536 | 5.8 | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal | 24-08-2018 - 15:29 | 24-08-2018 - 15:29 |
| CVE-2018-15535 | 5.0 | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve | 24-08-2018 - 15:29 | 24-08-2018 - 15:29 |
| CVE-2017-12574 | 10.0 | An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthoriz | 24-08-2018 - 15:29 | 24-08-2018 - 15:29 |
| CVE-2018-15528 | 4.3 | Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens | 21-08-2018 - 12:29 | 21-08-2018 - 12:29 |
| CVE-2014-0114 | 7.5 | Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "m | 06-01-2017 - 21:59 | 30-04-2014 - 06:49 |