59 matches found
Path Traversal
github.com/flipped-aurora/gin-vue-admin is vulnerable to Path Traversal. A remote unauthenticated attacker is able to gain access to unauthorized data, resulting in disclosure of sensitive information via the download module...
CVE-2022-47762
In gin-vue-admin 2.5.5, the download module has a Path Traversal vulnerability...
Path traversal
In gin-vue-admin 2.5.5, the download module has a Path Traversal vulnerability...
PT-2023-15478 · Unknown · Gin-Vue-Admin
Name of the Vulnerable Software and Affected Versions: gin-vue-admin versions prior to 2.5.5 Description: The issue concerns a Path Traversal vulnerability in the download module. Recommendations: For versions prior to 2.5.5, update to version 2.5.5 or later to resolve the issue...
Air Transfer Cross-Site Scripting Vulnerability
Air Transfer is a file transfer application by Junsik Choi, a private developer. A security vulnerability exists in Air Transfer version 1.0.14/1.2.1, which stems from an insecure design of the validation of the path parameter located in the list and download modules and allows execution of...
CVE-2020-23061
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the list and download module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command...
CVE-2020-23042
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the list and download module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request...
Directory traversal
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the list and download module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command...
UC Browser man-in-the-middle (MITM) vulnerability could impact more than a billion devices - vulnerability warning - the black bar safety net
Researchers found that a vulnerable functional block in UC Browser can be exploited by attackers to perform MITM attacks. Because UC Browser uses the HTTP protocol to communicate with the server, the transmitted information is not encrypted, so a would-be attacker can hook the request...
Webmin 1.900 Upload Execution
Webmin 1.900 allows authenticated users with “Upload and Download” module access to upload cgi files to a webroot subdirectory and the uploaded files can be executed by sending requests to the web server. Recent assessments: jrobles-r7 at May 09, 2019 5:57pm UTC reported: Details Webmin 1.900...
Updated webmin packages fix security vulnerability
The webmin package has been updated to version 1.840, which fixes a cross-site scripting (XSS) issue, an issue due to improper escaping in the download module, and has other bug fixes and enhancements. See the upstream release announcements and change log for details...
PHP-NUKE version <= 6.9 - 'cid' SQL Injection Remote Exploit
No description provided by source. #!/usr/bin/perl -w use IO::Socket; THIS CODE PUBLIC NOW based on 'cid' sql injection vuln in Download module, more info about this vuln u can see here: http://rst.void.ru/texts/advisory10.htm work only...
Sql injection
SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php...
CVE-2010-4298
SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php...
CVE-2010-4298
The CVE-2010-4298 issue affects the Free Simple Software 1.0 download module, where the SQL injection flaw can be triggered via the downloads_id parameter in a download_now action to index.php. The connected Seebug entry provides a PoC exploit demonstrating how a UNION SELECT can extract sensitiv...
Free Simple Software - SQL Injection
'Free Simple Software' SQL Injection Vulnerability CVE-2010-4298 Mark Stanislav - [email protected] I. DESCRIPTION: A vulnerability exists in the 'Free Simple Software' download module which allows for a 'UNION SELECT' to easily expose the application...
Free Simple Software SQL Injection
'Free Simple Software' SQL Injection Vulnerability CVE-2010-4298 Mark Stanislav - [email protected] I. DESCRIPTION: A vulnerability exists in the 'Free Simple Software' download module which allows for a 'UNION SELECT' to easily expose the application...
Eurologon CMS Db credentials disclosure / files download
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...