CVE-2026-2147
A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The exploit has been made...
CVE-2026-2147 Tenda AC21 Web Management DownloadLog information disclosure
A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The exploit has been made...
EUVD-2019-6896
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-10201
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in...
WordPress plugin MIPL WC Multisite Sync Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
CVE-2024-8352
The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the downloadlog function. This makes it possible for unauthenticated attackers to read the contents of arbitrary file...
PT-2024-38966 · WordPress · Social Web Suite – Social Media Auto Post
Name of the Vulnerable Software and Affected Versions: The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress versions up to, and including, 4.1.11 Description: The issue concerns a Directory Traversal vulnerability, which allows unauthenticated attackers to...
CVE-2023-5494
A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this issue is some unknown functionality of the file /log/download.php. The manipulation of the argument file leads to os command...
CVE-2021-40095
An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability when processing remote input in the log files downloaded by an authenticated administrator user, leading to the ability to read...
Design/Logic Flaw
An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability when processing remote input in the log files downloaded by an authenticated administrator user, leading to the ability to read...
CVE-2019-19454
An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0...
CVE-2016-10201
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php...
OwnCloud 'Download Log' Functionality Cross-Site Scripting Vulnerability
OwnCloud is a free and open source personal cloud storage solution from German company OwnCloud. The solution offers file management, music storage, calendars and more. A cross-site scripting vulnerability exists in OwnCloud 'Download Log' Functionality due to the program failing to properly filt...
Log pollution can potentially lead to local HTML injection - ownCloud
The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...
Server: Log pollution can potentially lead to local HTML injection
The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...
CVE-2016-1594
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action...