11 matches found
CVE-2025-15433
The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server such as wp-config.php via a path traversal vector...
CVE-2016-20023
In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided...
The vulnerability of the File Extension Handler component in the Mozilla Firefox browser allows a hacker to load any file they desire.
The vulnerability of the File Extension Handler component in the Mozilla Firefox browser is related to the ability to download files of a malicious nature without limitation. Exploiting this vulnerability allows an attacker to download any file at will...
IBM Security Guardium 安全漏洞
IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium has an information disclosure...
PT-2024-32832 · Markus · Markus
Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.4.8 Description: The issue affects MarkUs, a web application for the submission and grading of student assignments. It is vulnerable to path traversal, allowing authenticated instructors to download any file on the...
CVE-2024-37179
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application...
Hongdian H8922 路径遍历漏洞
The Hongdian H8922 is a router from the Chinese company Hongdian. A path traversal vulnerability exists in the Hongdian H8922 3.0.5 devices. The vulnerability allows remote attackers to download any file from the device with minimal privileges...
CVE-2020-5356
Dell PowerProtect Data Manager PPDM versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines...
CVE-2018-9072
In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads...
UBUNTU-CVE-2018-1135
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...
CVE-2017-6614
A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access...