Bugada Andrea

Php Advanced Transfer Manager

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2007-2659

  • EPSS 4.97%
  • Veröffentlicht 14.05.2007 23:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the directory parameter in a downloadfile action.

7.5

CVE-2006-4749

  • EPSS 1.61%
  • Veröffentlicht 13.09.2006 22:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) geti...

7.5

CVE-2006-4594

Exploit
  • EPSS 4.95%
  • Veröffentlicht 06.09.2006 22:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE:...

5

CVE-2006-1209

Exploit
  • EPSS 8.49%
  • Veröffentlicht 14.03.2006 01:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a user...

5

CVE-2005-2997

Exploit
  • EPSS 0.25%
  • Veröffentlicht 20.09.2005 22:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitrary files via ".." sequences in (1) the currentdir parameter to txt.php, or the current_dir parameter to (2) htm.php or (3) html.p...

7.5

CVE-2005-2998

Exploit
  • EPSS 0.76%
  • Veröffentlicht 20.09.2005 22:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files.

5

CVE-2005-2999

  • EPSS 0.35%
  • Veröffentlicht 20.09.2005 22:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain sensitive PHP configuration information via a direct request to test.php.

4.3

CVE-2005-3000

Exploit
  • EPSS 0.35%
  • Veröffentlicht 20.09.2005 22:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters.

7.5

CVE-2005-1681

  • EPSS 4.01%
  • Veröffentlicht 20.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php.

7.5

CVE-2005-1604

Exploit
  • EPSS 7.81%
  • Veröffentlicht 16.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code.