Allen Disk Security Vulnerabilities

CVE-2017-9307

SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file...

CVSS 6.5, AI Score 7, EPSS 0.001

2017-05-31 04:29 AM

CVE-2017-9249

Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to...

CVSS 5.4, AI Score 5.8, EPSS 0.001

2017-05-28 08:29 PM

CVE-2017-9091

/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying...

CVSS 7.5, AI Score 6.8, EPSS 0.001

2017-05-19 06:29 PM

CVE-2017-9090

reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty...

CVSS 7.5, AI Score 7.2, EPSS 0.001

2017-05-19 06:29 PM

CVE-2017-8848

Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a...

CVSS 6.5, AI Score 7.4, EPSS 0.001

2017-05-08 05:29 PM

CVE-2017-8832

Allen Disk 1.6 has XSS in the id parameter to...

CVSS 6.1, AI Score 6.4, EPSS 0.001

2017-05-08 06:29 AM