PierreAdams

3 exploits Active since Mar 2020
CVE-2020-10567 NOMISEC CRITICAL WORKING POC
Responsive Filemanager <9.14.0 - Code Injection
An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.)
4 stars
CVSS 9.8
CVE-2020-10567 NOMISEC CRITICAL WORKING POC
Responsive Filemanager <9.14.0 - Code Injection
An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.)
CVSS 9.8
CVE-2020-1056 NOMISEC HIGH WORKING POC
Microsoft Edge - Privilege Escalation
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.
CVSS 8.1