203 matches found
WordPress Theme CherryFramework 3.1.4 - Backup File Download
Exploit Title: Wordpress CherryFramework Themes 3.1.4 - Backup File Download Google Dork: inurl:/wp-content/themes/CherryFramework Date: 2018-11-17 Exploit Author: b1p0l4r Vendor Homepage: http://www.cherryframework.com/ Software Link: http://www.cherryframework.com/ Version: 3.x.x 3.1.4 Tested o...
CVE-2018-1433
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM...
CHAOS Framework v2.0 - Generate Payloads And Control Remote Windows Systems
CHAOS allows you to generate payloads and control remote Windows systems. Disclaimer: This project was created only for learning purposes. THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE...
Jtag Members Directory Arbitrary File Download Vulnerability
Joomla! is an open source content management system (CMS) developed by the U.S. Open Source Matters team; it provides RSS feeds, site search and other features. Jtag Members Directory is a member management plug-in for it. An arbitrary file download vulnerability exists in...
CVE-2018-6008
Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the downloadfile parameter...
CVE-2017-11511
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files...
CMS4J suffers from a patch bypass of an arbitrary file download vulnerability
CMS4J is a CMS system developed by Beijing Paidao Network based on JSP. CMS4J has a patch bypass for an arbitrary file download vulnerability. The vulnerability arises because the repair code for the DownloadFile servlet's arbitrary file download issue does not strictly filter the file to download, c...
CVE-2015-5468
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php...
CVE-2017-7282
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access...
CVE-2016-9208
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951...
CVE-2016-9208
This CVE affects Cisco Emergency Responder: the vulnerability arises from improper sanitization of user-supplied HTTP POST parameters that describe filenames in the File Management Utility, the Download File form, and the Serviceability application. An authenticated, remote attacker could travers...
brownstone.net XSS vulnerability
Vulnerable URL: http://www.brownstone.net/download/downloadfile.asp?cat=d6"

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 27.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 6519977
VIP website status: | No

Check brownstone.net SSL...
whirOA download.jsp arbitrary File Download
No description provided by source...
PHP Calendar Script 1.0 - User Credentials Disclosure
Exploit for php platform in category web applications Exploit Title: PHP calendar script Password Download File Date: 2016-07-18 Exploit Author: Meisam Monsef Vendor Homepage: http://www.newsp.eu/calendarscript.php?pt=st Version: All Version Download Link :...
CVE-2016-1594
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action...
Wordpress auto-thickbox-plus plugin XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress plugin auto-thickbox-plus XSS Vulnerability Vendor or Software Link: https://wordpress.org/plugins/auto-thickbox-plus/ Google dork: inurl:/wp-content/plugins/auto-thickbox-plus The code in...
Arbitrary File Download Vulnerability in Internet Behavior Management System of Shenzhen Wheaton Information Technology Co.
The Internet behavior management system of Shenzhen Wheaton Information Technology Co., Ltd. is a monitoring system for users' online behavior. It has an arbitrary file download vulnerability; there are...
Codiad path directory traversal vulnerability
Codiad is an open source Web-based IDE application for writing and editing code online. A directory traversal vulnerability exists in Codiad components/filemanager/download.php, which allows an attacker to read the contents of arbitrary files via the path parameter...
Web File Browser 0.4bX UploadFile/DownloadFile Vulnerabilities
Exploit for php platform in category web applications + Author: TUNISIAN CYBER + Exploit Title: Web File Browser 0.4bX UploadFile/DownloadFile Vulnerabilities + Date: 14-12-2013 + Category: WebApp + Vendor: http://sourceforge.net/projects/webfilebrowser/files/webfilebrowser/ + Google Dork:...