8 matches found
CVE-2016-20081
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...
EUVD-2016-10893
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...
CVE-2016-20081 WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...
CVE-2016-20081
HB Audio Gallery Lite 1.0.0 (WordPress) has a path traversal in audio-download.php via the file_path parameter that allows unauthenticated access to arbitrary files outside the gallery directory (e.g., wp-config.php). Root cause: inadequate validation of the file_path input. The connected documen...
Malicious code in mp3-do-wnload-file-to-day-60280-lay-down-and-love-it-live-yfkc2-lppmhd (npm)
The package mp3-do-wnload-file-to-day-60280-lay-down-and-love-it-live-yfkc2-lppmhd was found to contain malicious code...
MAL-2025-26789 Malicious code in mp3-do-wnload-file-to-day-13796-flick-the-vs-isfeh-rasowi (npm)
The package mp3-do-wnload-file-to-day-13796-flick-the-vs-isfeh-rasowi was found to contain malicious code...
Beers with Talos, Ep. #114: And then there were two...
Beers with Talos BWT Podcast episode No. 114 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts Google Podcasts Spotify StitcherRecorded Dec. 9, 2021. If iTunes and Google Play aren't your thing, click here. We joked... This is only the beginning! Please vis...
Command Execution Vulnerability in Xiaodu Route AV Version
Xiaodu Router is a smart router product launched by Baidu, which can transmit cloud data at will and support remote download of audio and video resources. Xiaodu Router AV version has a command execution vulnerability, which can be exploited by attackers to obtain server control privileges...