es file explorer file manager vulnerabilities and exploits

5
CVSSv2
CVE-2019-11380

The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP access to the entirety of local storage....

4.3
CVSSv2
CVE-2019-8345

The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about...

4.8
CVSSv2
CVE-2019-6447

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once,...

EstrongsEs File Explorer File Manager
5
CVSSv2
CVE-2015-1876

Directory traversal vulnerability in ES File Explorer 3.2.4.1....

9.3
CVSSv2
CVE-2015-2444

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2442....

MicrosoftInternet Explorer
4.3
CVSSv2
CVE-2014-3470

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by...

NA
CVE-2014-3151

K-Lite CODEC version 9.x suffers from a memory corruption vulnerability....

5.8
CVSSv2
CVE-2014-1970

Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors....

9.3
CVSSv2
CVE-2010-3329

mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption...

MicrosoftIe