Vulnerabilities related to AjaXplorer - AjaXplorer
Vulnerability from fkie_nvd
Published
2012-03-22 10:17
Modified
2025-04-11 00:51
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ajaxplorer | ajaxplorer | 3.2 | |
ajaxplorer | ajaxplorer | 3.2.1 | |
ajaxplorer | ajaxplorer | 3.2.2 | |
ajaxplorer | ajaxplorer | 3.2.3 | |
ajaxplorer | ajaxplorer | 3.2.4 | |
ajaxplorer | ajaxplorer | 4.0 | |
ajaxplorer | ajaxplorer | 4.0.1 | |
ajaxplorer | ajaxplorer | 4.0.2 | |
ajaxplorer | ajaxplorer | 4.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "3AB14FF4-0CF0-4ACF-BA85-59196A259BAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA399184-3366-48E8-90F8-0BDF255DB2CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD6997D4-21C7-459F-8CB1-31E98C44BC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "08354E81-1FF5-4CEF-8B5B-A3B3C514F03B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC4FFE75-9BBE-4C9F-A7E5-350AC7701ECD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "514ED912-D7FB-46CD-999C-4099D37DBF21", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ACB6977-00FC-49D4-ACAA-E5BDF51E2533", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AF45470B-525A-4716-B3C7-E75A33E89466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0ABE4444-20F2-43D8-83BC-12839AA40AF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en la funcionalidad Get Template en plugins/gui.ajax/class.AJXP_ClientDriver.php en AjaXplorer v3.2.x antes de v3.2.5 y v4.0.x antes de v4.0.4 permiten a atacantes remotos incluir y ejecutar archivos locales a trav\u00e9s de un .. (punto punto) en los par\u00e1metros (1) pluginName o (2) pluginPath en una acci\u00f3n get_template. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros." } ], "id": "CVE-2012-1839", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-22T10:17:10.923", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ajaxplorer.info/ajaxplorer-4-0-4/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48226" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/504019" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/79810" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/52298" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ajaxplorer.info/ajaxplorer-4-0-4/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/504019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/79810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73671" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-14 20:55
Modified
2025-04-11 00:51
Severity: HIGH (CVSS v2.0 base score 8.5, AV:N/AC:L/Au:N/C:C/I:N/A:P)
Summary
Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "749AF946-4365-4F44-B7F1-40078F967ED3", "versionEndIncluding": "5.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C9B8E9F-8B96-4772-A85B-EA9627A936C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D05FAAAF-FFE2-43FC-8540-9A6FD442FEA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "7BC21F4F-F8DB-4C93-A50E-3368BAD1D25E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25D9757C-A57E-4055-ACFE-A05AA7974BBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "BCDAE4D9-9B4F-4DBE-A6D9-FCF834385786", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1143B0E5-E295-4FB2-97C3-9050D4657B54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA105880-BD2F-49F7-A075-DE82A1CD2AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "5DF81994-870E-4B13-BD4C-075AD817D482", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "F5BD079C-588C-4871-9DAD-D6B5D9F8DD77", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5714ADF6-AE3D-4673-80A4-B0B85D4F28D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F41BF0E-36A9-4112-B684-C230B34E9089", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"B6716313-262B-4CAA-9CBB-16058310F57E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E59657D9-1B5E-4424-BA56-47B20060E090", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D6EA2C3-05B5-4553-88C8-8D4525365037", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "89DE9891-BAAB-4013-88BD-A74ED1F4CB9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "3AB14FF4-0CF0-4ACF-BA85-59196A259BAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA399184-3366-48E8-90F8-0BDF255DB2CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD6997D4-21C7-459F-8CB1-31E98C44BC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "08354E81-1FF5-4CEF-8B5B-A3B3C514F03B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC4FFE75-9BBE-4C9F-A7E5-350AC7701ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "642C57C5-9442-4497-827D-3DADBC427080", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FE8026C-D902-4009-9DBF-8DF74A755727", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4230D03A-9192-42DD-9EDB-CED5CC974CDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "C5CC29EA-42E9-465C-B1D0-A9262BAB997E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "3DDE2900-5D3F-4389-8B2F-64A8D0E132B1", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "514ED912-D7FB-46CD-999C-4099D37DBF21", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ACB6977-00FC-49D4-ACAA-E5BDF51E2533", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AF45470B-525A-4716-B3C7-E75A33E89466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0ABE4444-20F2-43D8-83BC-12839AA40AF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "50C4C675-E933-4282-8301-FB39B9222F68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0BA12F9-9F0A-4BA7-8697-710AC4959149", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0FF8CD1-0EA4-4A6F-95DD-2DDB9844A3C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F205E235-1831-41FB-8055-18FDB95204CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8866C26C-EF22-41AA-9826-5D7F9382DA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E6B0759-661B-4217-9918-23AFED8213E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "EAAC397B-F1CA-49D0-89BD-9C03FB4D57BB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors." 
}, { "lang": "es", "value": "Vulnerabilidad de recorrido de directorio en plugins/editor.zoho/agent/save_zoho.php del plugin de Zoho Pydio (formalmente AjaXplorer) anterior a la versi\u00f3n 5.0.4 permite a atacantes remotos leer o eliminar archivos arbitrarios a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2013-6226", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-11-14T20:55:05.137", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0043.html" }, { "source": "cve@mitre.org", "url": "http://pyd.io/pydio-core-5-0-4" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://www.redfsec.com/CVE-2013-6226" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/63647" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0043.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pyd.io/pydio-core-5-0-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://www.redfsec.com/CVE-2013-6226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/63647" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88667" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-05 21:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 5.5, AV:N/AC:L/Au:S/C:P/I:P/A:N)
Summary
Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot slash followed by a URL-encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot slash followed by a URL-encoded null byte) in the dir parameter in an upload action.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "C58198A4-09F0-488E-AB59-30AF073DC7F7", "versionEndIncluding": "5.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C9B8E9F-8B96-4772-A85B-EA9627A936C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D05FAAAF-FFE2-43FC-8540-9A6FD442FEA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "7BC21F4F-F8DB-4C93-A50E-3368BAD1D25E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25D9757C-A57E-4055-ACFE-A05AA7974BBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "BCDAE4D9-9B4F-4DBE-A6D9-FCF834385786", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1143B0E5-E295-4FB2-97C3-9050D4657B54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA105880-BD2F-49F7-A075-DE82A1CD2AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "5DF81994-870E-4B13-BD4C-075AD817D482", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "F5BD079C-588C-4871-9DAD-D6B5D9F8DD77", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5714ADF6-AE3D-4673-80A4-B0B85D4F28D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F41BF0E-36A9-4112-B684-C230B34E9089", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"B6716313-262B-4CAA-9CBB-16058310F57E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E59657D9-1B5E-4424-BA56-47B20060E090", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D6EA2C3-05B5-4553-88C8-8D4525365037", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "89DE9891-BAAB-4013-88BD-A74ED1F4CB9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "3AB14FF4-0CF0-4ACF-BA85-59196A259BAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA399184-3366-48E8-90F8-0BDF255DB2CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD6997D4-21C7-459F-8CB1-31E98C44BC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "08354E81-1FF5-4CEF-8B5B-A3B3C514F03B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC4FFE75-9BBE-4C9F-A7E5-350AC7701ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "642C57C5-9442-4497-827D-3DADBC427080", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FE8026C-D902-4009-9DBF-8DF74A755727", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4230D03A-9192-42DD-9EDB-CED5CC974CDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "C5CC29EA-42E9-465C-B1D0-A9262BAB997E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "3DDE2900-5D3F-4389-8B2F-64A8D0E132B1", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "514ED912-D7FB-46CD-999C-4099D37DBF21", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ACB6977-00FC-49D4-ACAA-E5BDF51E2533", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AF45470B-525A-4716-B3C7-E75A33E89466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0ABE4444-20F2-43D8-83BC-12839AA40AF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "50C4C675-E933-4282-8301-FB39B9222F68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0BA12F9-9F0A-4BA7-8697-710AC4959149", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0FF8CD1-0EA4-4A6F-95DD-2DDB9844A3C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F205E235-1831-41FB-8055-18FDB95204CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8866C26C-EF22-41AA-9826-5D7F9382DA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E6B0759-661B-4217-9918-23AFED8213E9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en index.php en AjaXplorer 5.0.2 y anteriores permite a usuarios remotos autenticados leer arbitrarios a trav\u00e9s de .. / 00% (punto punto barra invertida byte nulo) en el par\u00e1metro de archivo de una descarga (1) ,una acci\u00f3n get_content (2), o (3) subir archivos arbitrarios a trav\u00e9s de .. / 00% (punto punto barra inversa codificada byte nulo) en el par\u00e1metro dir en una acci\u00f3n de subida de ficheros." } ], "id": "CVE-2013-5688", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-11-05T21:55:12.187", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://ajaxplorer.info/ajaxplorer-core-5-0-3/" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/97022" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-027.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://ajaxplorer.info/ajaxplorer-core-5-0-3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/97022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-027.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-07 14:17
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the update_user_pwd action.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ajaxplorer | ajaxplorer | 2.3.3 | |
ajaxplorer | ajaxplorer | 2.3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C9B8E9F-8B96-4772-A85B-EA9627A936C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D05FAAAF-FFE2-43FC-8540-9A6FD442FEA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the update_user_pwd action." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados - CSRF - en el archivo admin.php en AjaXplorer v2.3.3 y v2.3.4 permitir a los atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que modifiquen las contrase\u00f1as a trav\u00e9s de la acci\u00f3n update_user_pwd." 
} ], "id": "CVE-2008-6639", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-04-07T14:17:17.717", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://gmda.altervista.org/AjaXplorer-2.3.3/cka.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30383" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/45656" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://gmda.altervista.org/AjaXplorer-2.3.3/cka.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/45656" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42694" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-10-06 01:59
Modified
2025-04-12 10:46
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN27462572/index.html | Vendor Advisory | |
vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2015-000147 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN27462572/index.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2015-000147 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ajaxplorer | ajaxplorer | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "77EF535E-E2C6-439E-A28F-7D2B465FC136", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en AjaXplorer 2.0 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2015-5650", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-10-06T01:59:26.237", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN27462572/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000147" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN27462572/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000147" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-22 10:17
Modified
2025-04-11 00:51
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ajaxplorer | ajaxplorer | 3.2 | |
ajaxplorer | ajaxplorer | 3.2.1 | |
ajaxplorer | ajaxplorer | 3.2.2 | |
ajaxplorer | ajaxplorer | 3.2.3 | |
ajaxplorer | ajaxplorer | 3.2.4 | |
ajaxplorer | ajaxplorer | 4.0 | |
ajaxplorer | ajaxplorer | 4.0.1 | |
ajaxplorer | ajaxplorer | 4.0.2 | |
ajaxplorer | ajaxplorer | 4.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "3AB14FF4-0CF0-4ACF-BA85-59196A259BAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA399184-3366-48E8-90F8-0BDF255DB2CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD6997D4-21C7-459F-8CB1-31E98C44BC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "08354E81-1FF5-4CEF-8B5B-A3B3C514F03B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC4FFE75-9BBE-4C9F-A7E5-350AC7701ECD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "514ED912-D7FB-46CD-999C-4099D37DBF21", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ACB6977-00FC-49D4-ACAA-E5BDF51E2533", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AF45470B-525A-4716-B3C7-E75A33E89466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0ABE4444-20F2-43D8-83BC-12839AA40AF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash." 
}, { "lang": "es", "value": "AjaXplorer v3.2.x antes de v3.2.5 y v4.0.x antes de v4.0.4 no realiza debidamente la autenticaci\u00f3n de cookies, lo que permite a atacantes remotos iniciar una sesi\u00f3n aprovechandose de conocer el hash de una contrase\u00f1a." } ], "id": "CVE-2012-1840", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-22T10:17:10.970", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ajaxplorer.info/ajaxplorer-4-0-4/" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/504019" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ajaxplorer.info/ajaxplorer-4-0-4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/504019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74305" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-27 18:59
Modified
2025-04-12 10:46
Severity ?
7.5 (High) - AV:N/AC:L/Au:N/C:P/I:P/A:P (CVSS 2.0)
Summary
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ajaxplorer | ajaxplorer | * (up to and including 5.0.3) | |
pydio | pydio | * (up to and including 5.0.3) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "749AF946-4365-4F44-B7F1-40078F967ED3", "versionEndIncluding": "5.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:pydio:pydio:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9DEB605-2AB4-4D6C-BCC9-D50F8D95C094", "versionEndIncluding": "5.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation." }, { "lang": "es", "value": "Vulnerabilidad sin restricci\u00f3n en la carga de archivos en plugins/editor.zoho/agent/save_zoho.php en el plugin Zoho en Pydio (formalmente AjaXplorer) anterior a 5.0.4 permite a atacantes remotos ejecutar c\u00f3digo arbitrario subiendo un archivo ejecutable, y luego acceder a dicho archivo en una ubicaci\u00f3n espec\u00edfica a trav\u00e9s del par\u00e1metro formato de la operaci\u00f3n mover." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/434.html\"\u003eCWE-434: Unrestricted Upload of File with Dangerous Type\u003c/a\u003e", "id": "CVE-2013-6227", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-27T18:59:04.587", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pyd.io/pydio-core-5-0-4/" }, { "source": "cve@mitre.org", "tags": [ "URL Repurposed" ], "url": "http://www.redfsec.com/CVE-2013-6227" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/46206/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://pyd.io/pydio-core-5-0-4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "URL Repurposed" ], "url": "http://www.redfsec.com/CVE-2013-6227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/46206/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-23 18:15
Modified
2025-05-22 19:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An issue was discovered in AjaXplorer 4.2.3 that allows attackers to carry out cross-site scripting (XSS) via a crafted SVG file upload.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://cxsecurity.com/issue/WLB-2022090059 | Exploit, Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://sourceforge.net/projects/ajaxplorer/files/ajaxplorer/stable-channel/4.2.3/ | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cxsecurity.com/issue/WLB-2022090059 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/projects/ajaxplorer/files/ajaxplorer/stable-channel/4.2.3/ | Release Notes, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ajaxplorer | ajaxplorer | 4.2.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F205E235-1831-41FB-8055-18FDB95204CE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload." }, { "lang": "es", "value": "Se ha detectado un problema en AjaXplorer versi\u00f3n 4.2.3, que permite a atacantes causar vulnerabilidades de tipo Cross site scripting por medio de la descarga de un archivo svg dise\u00f1ado.\n" } ], "id": "CVE-2022-40358", "lastModified": "2025-05-22T19:15:35.177", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2022-09-23T18:15:11.317", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://cxsecurity.com/issue/WLB-2022090059" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third 
Party Advisory" ], "url": "https://sourceforge.net/projects/ajaxplorer/files/ajaxplorer/stable-channel/4.2.3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://cxsecurity.com/issue/WLB-2022090059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://sourceforge.net/projects/ajaxplorer/files/ajaxplorer/stable-channel/4.2.3/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
CVE-2015-5650 (GCVE-0-2015-5650)
Vulnerability from cvelistv5
Published
2015-10-03 10:00
Modified
2024-08-06 06:59
CWE
- n/a
Summary
Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:59:03.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#27462572", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN27462572/index.html" }, { "name": "JVNDB-2015-000147", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000147" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-10-03T03:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#27462572", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN27462572/index.html" }, { "name": "JVNDB-2015-000147", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000147" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2015-5650", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#27462572", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN27462572/index.html" }, { "name": "JVNDB-2015-000147", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000147" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2015-5650", "datePublished": "2015-10-03T10:00:00", "dateReserved": "2015-07-24T00:00:00", "dateUpdated": "2024-08-06T06:59:03.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-6227 (GCVE-0-2013-6227)
Vulnerability from cvelistv5
Published
2014-12-27 18:00
Modified
2024-08-06 17:38
CWE
- n/a
Summary
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:38:58.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46206", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/46206/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://pyd.io/pydio-core-5-0-4/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.redfsec.com/CVE-2013-6227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-19T10:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "46206", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/46206/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://pyd.io/pydio-core-5-0-4/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.redfsec.com/CVE-2013-6227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6227", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "46206", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46206/" }, { "name": "http://pyd.io/pydio-core-5-0-4/", "refsource": "MISC", "url": "http://pyd.io/pydio-core-5-0-4/" }, { "name": "http://www.redfsec.com/CVE-2013-6227", "refsource": "MISC", "url": "http://www.redfsec.com/CVE-2013-6227" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6227", "datePublished": "2014-12-27T18:00:00", "dateReserved": "2013-10-21T00:00:00", "dateUpdated": "2024-08-06T17:38:58.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-10013 (GCVE-0-2010-10013)
Vulnerability from cvelistv5
Published
2025-08-08 18:09
Modified
2025-08-08 19:01
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process.
References
Impacted products
Vendor | Product | Version |
---|---|---|
AjaXplorer | AjaXplorer | Version: * < 2.6 (affected) |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2010-10013", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-08-08T19:01:13.014988Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-08T19:01:16.689Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb" }, { "tags": [ "exploit" ], "url": "https://www.exploit-db.com/exploits/21993" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "checkInstall.php" ], "product": "AjaXplorer", "vendor": "AjaXplorer", "versions": [ { "lessThan": "2.6", "status": "affected", "version": "*", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Julien Cayssol" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the \u003ccode\u003echeckInstall.php\u003c/code\u003e script within the \u003ccode\u003eaccess.ssh\u003c/code\u003e plugin, which fails to properly sanitize user-supplied input to the \u003ccode\u003edestServer\u003c/code\u003e GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process." } ], "value": "An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. 
The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process." } ], "impacts": [ { "capecId": "CAPEC-88", "descriptions": [ { "lang": "en", "value": "CAPEC-88 OS Command Injection" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-08T18:09:40.513Z", "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck" }, "references": [ { "tags": [ "product" ], "url": "https://sourceforge.net/projects/ajaxplorer/" }, { "tags": [ "exploit" ], "url": "https://www.exploit-db.com/exploits/21993" }, { "tags": [ "exploit" ], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb" }, { "tags": [ "third-party-advisory" ], "url": 
"https://www.tenable.com/plugins/nessus/45489" }, { "tags": [ "third-party-advisory" ], "url": "https://www.vulncheck.com/advisories/ajaxplorer-unauth-rce" } ], "source": { "discovery": "UNKNOWN" }, "title": "AjaXplorer \u003c 2.6 checkInstall.php Unauthenticated RCE", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "assignerShortName": "VulnCheck", "cveId": "CVE-2010-10013", "datePublished": "2025-08-08T18:09:40.513Z", "dateReserved": "2025-08-07T16:27:21.673Z", "dateUpdated": "2025-08-08T19:01:16.689Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1839 (GCVE-0-2012-1839)
Vulnerability from cvelistv5
Published
2012-03-22 10:00
Modified
2024-08-06 19:08
CWE
- n/a
Summary
Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:08:38.690Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48226", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48226" }, { "name": "ajaxplorer-ajxpclientdriver-file-include(73671)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73671" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ajaxplorer.info/ajaxplorer-4-0-4/" }, { "name": "52298", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52298" }, { "name": "VU#504019", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/504019" }, { "name": "79810", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/79810" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-10T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "48226", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48226" }, { "name": "ajaxplorer-ajxpclientdriver-file-include(73671)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73671" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ajaxplorer.info/ajaxplorer-4-0-4/" }, { "name": "52298", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52298" }, { "name": "VU#504019", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/504019" }, { "name": "79810", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/79810" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1839", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "48226", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48226" }, { "name": "ajaxplorer-ajxpclientdriver-file-include(73671)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73671" }, { "name": "http://ajaxplorer.info/ajaxplorer-4-0-4/", "refsource": "CONFIRM", "url": "http://ajaxplorer.info/ajaxplorer-4-0-4/" }, { "name": "52298", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52298" }, { "name": "VU#504019", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/504019" }, { "name": "79810", "refsource": "OSVDB", "url": "http://www.osvdb.org/79810" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1839", "datePublished": "2012-03-22T10:00:00", "dateReserved": "2012-03-21T00:00:00", "dateUpdated": "2024-08-06T19:08:38.690Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-6226 (GCVE-0-2013-6226)
Vulnerability from cvelistv5
Published
2013-11-14 20:00
Modified
2024-08-06 17:38
CWE
- n/a
Summary
Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:38:58.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.redfsec.com/CVE-2013-6226" }, { "name": "20131110 Vulnerability in Pydio/AjaXplorer \u003c= 5.0.3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0043.html" }, { "name": "ajaxplorer-zoho-cve20136226-dir-traversal(88667)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88667" }, { "name": "63647", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/63647" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pyd.io/pydio-core-5-0-4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.redfsec.com/CVE-2013-6226" }, { "name": "20131110 Vulnerability in Pydio/AjaXplorer \u003c= 5.0.3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0043.html" }, { "name": "ajaxplorer-zoho-cve20136226-dir-traversal(88667)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88667" }, { "name": "63647", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/63647" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pyd.io/pydio-core-5-0-4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6226", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.redfsec.com/CVE-2013-6226", "refsource": "MISC", "url": "http://www.redfsec.com/CVE-2013-6226" }, { "name": "20131110 Vulnerability in Pydio/AjaXplorer \u003c= 5.0.3", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0043.html" }, { "name": "ajaxplorer-zoho-cve20136226-dir-traversal(88667)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88667" }, { "name": "63647", "refsource": "BID", "url": "http://www.securityfocus.com/bid/63647" }, { "name": "http://pyd.io/pydio-core-5-0-4", "refsource": "CONFIRM", "url": "http://pyd.io/pydio-core-5-0-4" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6226", "datePublished": "2013-11-14T20:00:00", "dateReserved": "2013-10-21T00:00:00", "dateUpdated": "2024-08-06T17:38:58.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-6639 (GCVE-0-2008-6639)
Vulnerability from cvelistv5
Published
2009-04-07 10:00
Modified
2024-08-07 11:34
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the update_user_pwd action.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:34:47.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ajaxplorer-admin-csrf(42694)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42694" }, { "name": "45656", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/45656" }, { "name": "30383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30383" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://gmda.altervista.org/AjaXplorer-2.3.3/cka.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the update_user_pwd action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ajaxplorer-admin-csrf(42694)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42694" }, { "name": "45656", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/45656" }, { "name": "30383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30383" }, { "tags": [ "x_refsource_MISC" ], "url": "http://gmda.altervista.org/AjaXplorer-2.3.3/cka.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6639", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the update_user_pwd action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ajaxplorer-admin-csrf(42694)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42694" }, { "name": "45656", "refsource": "OSVDB", "url": "http://www.osvdb.org/45656" }, { "name": "30383", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30383" }, { "name": "http://gmda.altervista.org/AjaXplorer-2.3.3/cka.txt", "refsource": "MISC", "url": "http://gmda.altervista.org/AjaXplorer-2.3.3/cka.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6639", "datePublished": "2009-04-07T10:00:00", "dateReserved": "2009-04-06T00:00:00", "dateUpdated": "2024-08-07T11:34:47.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40358 (GCVE-0-2022-40358)
Vulnerability from cvelistv5
Published
2022-09-23 17:21
Modified
2025-05-22 18:43
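Severity: 5.4 MEDIUM (CVSS 3.1, scored by CISA-ADP; vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). The CNA record supplies no score.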
CWE
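- n/a in the CNA record; the CISA-ADP container assigns CWE-79 (Improper Neutralization of Input During Web Page Generation, 'Cross-site Scripting')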
Summary
An issue was discovered in AjaXplorer 4.2.3 that allows attackers to cause cross-site scripting (XSS) via a crafted SVG file upload.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:21:45.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/projects/ajaxplorer/files/ajaxplorer/stable-channel/4.2.3/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cxsecurity.com/issue/WLB-2022090059" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-40358", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-22T18:43:02.691307Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-22T18:43:20.725Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-23T17:21:40.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/projects/ajaxplorer/files/ajaxplorer/stable-channel/4.2.3/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cxsecurity.com/issue/WLB-2022090059" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-40358", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/projects/ajaxplorer/files/ajaxplorer/stable-channel/4.2.3/", "refsource": "MISC", "url": "https://sourceforge.net/projects/ajaxplorer/files/ajaxplorer/stable-channel/4.2.3/" }, { "name": "https://cxsecurity.com/issue/WLB-2022090059", "refsource": "MISC", "url": "https://cxsecurity.com/issue/WLB-2022090059" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40358", "datePublished": "2022-09-23T17:21:40.000Z", "dateReserved": "2022-09-11T00:00:00.000Z", "dateUpdated": "2025-05-22T18:43:20.725Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1840 (GCVE-0-2012-1840)
Vulnerability from cvelistv5
Published
2012-03-22 10:00
Modified
2024-08-06 19:08
CWE
- n/a
Summary
AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:08:38.692Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ajaxplorer.info/ajaxplorer-4-0-4/" }, { "name": "ajaxplorer-cookie-info-disc(74305)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74305" }, { "name": "VU#504019", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/504019" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ajaxplorer.info/ajaxplorer-4-0-4/" }, { "name": "ajaxplorer-cookie-info-disc(74305)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74305" }, { "name": "VU#504019", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/504019" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1840", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ajaxplorer.info/ajaxplorer-4-0-4/", "refsource": "CONFIRM", "url": "http://ajaxplorer.info/ajaxplorer-4-0-4/" }, { "name": "ajaxplorer-cookie-info-disc(74305)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74305" }, { "name": "VU#504019", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/504019" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1840", "datePublished": "2012-03-22T10:00:00", "dateReserved": "2012-03-21T00:00:00", "dateUpdated": "2024-08-06T19:08:38.692Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5688 (GCVE-0-2013-5688)
Vulnerability from cvelistv5
Published
2013-11-05 21:00
Modified
2024-09-17 03:03
CWE
- n/a
Summary
Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 sequence (dot dot slash followed by a URL-encoded null byte) in the file parameter in a (1) download or (2) get_content action, or to (3) upload arbitrary files via the same ../%00 sequence in the dir parameter in an upload action.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:22:29.582Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ajaxplorer.info/ajaxplorer-core-5-0-3/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-027.txt" }, { "name": "97022", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/97022" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-05T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ajaxplorer.info/ajaxplorer-core-5-0-3/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-027.txt" }, { "name": "97022", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/97022" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5688", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ajaxplorer.info/ajaxplorer-core-5-0-3/", "refsource": "CONFIRM", "url": "http://ajaxplorer.info/ajaxplorer-core-5-0-3/" }, { "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-027.txt", "refsource": "MISC", "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-027.txt" }, { "name": "97022", "refsource": "OSVDB", "url": "http://osvdb.org/97022" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5688", "datePublished": "2013-11-05T21:00:00Z", "dateReserved": "2013-09-03T00:00:00Z", "dateUpdated": "2024-09-17T03:03:27.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }