Lucene search
K

2685 matches found

NVD
NVD
added 2026/06/09 1:16 p.m.14 views

CVE-2017-20250

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

8.7CVSS0.00641EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 11:48 a.m.11 views

EUVD-2017-18976

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

8.7CVSS5.6AI score0.00641EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 11:48 a.m.30 views

CVE-2017-20250 WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

8.7CVSS0.00641EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.16 views

CVE-2017-20250 WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

8.7CVSS5.6AI score0.00641EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 11:48 a.m.22 views

CVE-2017-20250

CVE-2017-20250 affects WordPress plugin Mac Photo Gallery 3.0 through a path traversal vulnerability in macdownload.php that allows unauthenticated attackers to download arbitrary files (e.g., wp-load.php) by manipulating the albid parameter. Reported impact includes potential high confidentialit...

8.7CVSS5.6AI score0.00641EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47773

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

8.7CVSS5.6AI score0.00641EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

Apptha Mac Photo Gallery 路径遍历漏洞

Apptha Mac Photo Gallery is a PHP-based website image display system developed by Apptha Corporation. Version 3.0 of Apptha Mac Photo Gallery has a path traversal vulnerability. This vulnerability stems from improper handling of the albid parameter, allowing unauthenticated attackers to download...

8.7CVSS5.5AI score0.00641EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.9 views

Apptha Slider Gallery 路径遍历漏洞

Apptha Slider Gallery is a website image carousel and gallery display plugin provided by Apptha Corporation. Version 1.0 of Apptha Slider Gallery contains a path traversal vulnerability. This vulnerability stems from improper handling of the imgname parameter, which may allow unauthenticated...

8.7CVSS5.5AI score0.00641EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/08 1:11 p.m.11 views

WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Mitchell in WordPress Plugin WPC Product Options for WooCommerce versions = 3.2.1...

7.5CVSS5.4AI score0.00362EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.14 views

CVE-2026-20081

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...

6.5CVSS5.8AI score0.00388EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/04 3:10 p.m.8 views

WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WP Media folder Addon versions = 4.0.1...

7.5CVSS5.5AI score0.00467EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/04 2:16 p.m.9 views

CVE-2019-25727

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...

9.8CVSS0.0046EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/04 1:22 p.m.10 views

CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...

9.8CVSS5.9AI score0.0046EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 1:22 p.m.9 views

EUVD-2019-20163

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...

9.8CVSS5.9AI score0.0046EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:22 p.m.6 views

CVE-2019-25727

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...

9.8CVSS5.9AI score0.0046EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/04 1:22 p.m.14 views

CVE-2019-25727

The CVE-2019-25727 entry describes an Arbitrary File Download vulnerability in WordPress Plugin ad manager wd 1.0.11. An unauthenticated attacker can target the edit.php endpoint by supplying export=export_csv and a malicious path parameter to read sensitive files accessible to the web server (e....

9.8CVSS5.9AI score0.0046EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/04 1:22 p.m.37 views

CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...

9.8CVSS0.0046EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46197

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=export csv and a malicious path...

9.8CVSS5.9AI score0.0046EPSS
Exploits0References4
CVE
CVE
added 2026/06/01 3:13 p.m.18 views

CVE-2026-42679

CVE-2026-42679 affects the WordPress plugin Classified Listing (versions

6.5CVSS5.8AI score0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 3:13 p.m.32 views

CVE-2026-42679 WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8...

6.5CVSS0.00295EPSS
Exploits0References1
Rows per page
Query Builder