Fariskhi Vidyan

12 exploits Active since Aug 2018
CVE-2018-15495 WRITEUP HIGH WRITEUP
Responsive FileManager < 9.13.3 - Path Traversal and Server-Side Request Forgery via URL Parameter
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
CVSS 7.5
CVE-2018-20795 EXPLOITDB HIGH text WORKING POC
tecrail Responsive FileManager 9.13.4 - Path Traversal via Path Parameter
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.
CVSS 7.5
CVE-2018-20794 EXPLOITDB HIGH text WORKING POC
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Write via Image Save Action
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.
CVSS 7.5
CVE-2018-20793 EXPLOITDB HIGH text WORKING POC
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Write via paths[0] Bypass
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.
CVSS 7.5
CVE-2018-20792 EXPLOITDB HIGH text WORKING POC
tecrail Responsive FileManager 9.13.4 - Path Traversal via Path Parameter in get_file Action
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php.
CVSS 7.5
CVE-2018-20791 EXPLOITDB MEDIUM text WORKING POC
tecrail Responsive FileManager 9.13.4 - Cross-Site Scripting via Media File Upload
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.
CVSS 6.1
CVE-2018-20790 EXPLOITDB HIGH text WORKING POC
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Deletion via paths[0] Parameter
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.
CVSS 7.5
CVE-2018-20789 EXPLOITDB HIGH text WORKING POC
tecrail Responsive FileManager 9.13.4 - Path Traversal & Directory Deletion via execute.php
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.
CVSS 7.5
CVE-2018-19125 EXPLOITDB HIGH php WORKING POC
PrestaShop <1.6.1.23, <1.7.4.4 - Path Traversal
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory.
CVSS 7.5
CVE-2018-19126 EXPLOITDB CRITICAL php WORKING POC
PrestaShop 1.6.0.1-1.6.1.22 - Unauthenticated Arbitrary File Upload and Remote Code Execution
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.
CVSS 9.8
CVE-2018-1000888 EXPLOITDB HIGH text WORKING POC
PEAR Archive_Tar <1.4.3 - Code Injection
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.
CVSS 8.8
CVE-2019-3810 EXPLOITDB MEDIUM text WORKING POC
moodle 3.1.0-3.1.15 3.6.0-3.6.1 - Cross-Site Scripting in User Profile Image Hover Text
A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.
CVSS 6.1