3 matches found
CVE-2025-35059
Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated URL redirect via the 'nhl' parameter...
CVE-2025-35052
Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...
CVE-2017-1000490
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to...