Fariskhi Vidyan

12 exploits Active since Aug 2018
CVE-2018-15495 WRITEUP HIGH WRITEUP
Tecrail Responsive Filemanager < 9.13.3 - Path Traversal
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
CVSS 7.5
CVE-2018-20795 EXPLOITDB HIGH text WORKING POC
Tecrail Responsive Filemanager - Path Traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.
CVSS 7.5
CVE-2018-20794 EXPLOITDB HIGH text WORKING POC
Tecrail Responsive Filemanager - Path Traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.
CVSS 7.5
CVE-2018-20793 EXPLOITDB HIGH text WORKING POC
Tecrail Responsive Filemanager - Path Traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.
CVSS 7.5
CVE-2018-20792 EXPLOITDB HIGH text WORKING POC
Tecrail Responsive Filemanager - Path Traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to read an arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php.
CVSS 7.5
CVE-2018-20791 EXPLOITDB MEDIUM text WORKING POC
Tecrail Responsive Filemanager - XSS
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.
CVSS 6.1
CVE-2018-20790 EXPLOITDB HIGH text WORKING POC
Tecrail Responsive Filemanager - Path Traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.
CVSS 7.5
CVE-2018-20789 EXPLOITDB HIGH text WORKING POC
Tecrail Responsive Filemanager - Path Traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.
CVSS 7.5
CVE-2018-19125 EXPLOITDB HIGH php WORKING POC
PrestaShop <1.6.1.23, <1.7.4.4 - Path Traversal
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory.
CVSS 7.5
CVE-2018-19126 EXPLOITDB CRITICAL php WORKING POC
Prestashop < 1.6.1.23 - Unrestricted File Upload
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.
CVSS 9.8
CVE-2018-1000888 EXPLOITDB HIGH text WORKING POC
PEAR Archive_Tar <1.4.3 - Code Injection
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with a useful gadget is loaded, it may be possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.
CVSS 8.8
CVE-2019-3810 EXPLOITDB MEDIUM text WORKING POC
Moodle < 3.1.15 - XSS
A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.
CVSS 6.1