126 matches found
PT-2021-24297 · Unknown · Metersphere
Name of the Vulnerable Software and Affected Versions: Metersphere version 1.15.4 Description: An arbitrary file read issue was found, allowing authenticated users to read any file on the server via the file download function. Recommendations: For Metersphere version 1.15.4, consider restricting...
Deskpro cross-site scripting vulnerability
Deskpro is a suite of helpdesk software from Deskpro UK. The software includes a customer relationship management component, among other things, and provides features such as email, live chat, and voice. A security vulnerability exists in Deskpro cloud and on-premise Deskpro versions 2021.1.6 and...
CVE-2021-32527
Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files by injecting a file path into the download function. Contact QSAN and refer to the recommendations in the QSAN Document...
CVE-2021-27132
SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...
CVE-2021-27132
The CVE-2021-27132 issue affects Sercomm VD625 Smart Modems (firmware AGSOT_2.1.0). The vulnerability is a CRLF injection in the Content-Disposition header during the download function, enabling header manipulation that could enable session hijacking, cross-site scripting, or cache poisoning as d...
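The bug class behind the CVE-2021-27132 entries above is a user-controlled filename interpolated into the Content-Disposition header, so a CR LF pair in the name becomes a second response header. The following added example is not code from SerComm or any other project on this page; the attacker filename, the minimal header serializer and the client-side parser are all constructed here to show the vulnerable and hardened builders side by side.

```python
"""Added example: CRLF injection through a user-controlled filename in
Content-Disposition, vulnerable and hardened header construction side by
side. Not code from SerComm or any other project on this page."""
from __future__ import annotations

import re
from urllib.parse import quote

# Constructed attacker-controlled filename: a CR LF pair followed by a second
# header, which a naive header builder would emit as a real response header.
INJECTED_NAME = 'invoice.pdf\r\nSet-Cookie: session=attacker-chosen'


def content_disposition_vulnerable(filename: str) -> str:
    """Interpolates the raw filename into the header value (no validation)."""
    return f'attachment; filename="{filename}"'


def content_disposition_safe(filename: str) -> str:
    """Builds the header so the value can never contain a line break.

    - CR, LF and other control characters are removed.
    - Path separators are dropped so the name cannot suggest a directory.
    - Double quotes are stripped from the ASCII quoted-string form.
    - The full name is also sent as RFC 5987/6266 filename* (percent-encoded
      UTF-8), which cannot carry raw control bytes at all.
    """
    cleaned = re.sub(r'[\x00-\x1f\x7f]', '', filename)
    cleaned = cleaned.replace('/', '').replace('\\', '')
    if not cleaned:
        cleaned = 'download'
    ascii_fallback = cleaned.encode('ascii', 'ignore').decode().replace('"', '')
    if not ascii_fallback:
        ascii_fallback = 'download'
    encoded = quote(cleaned, safe='')
    return f'attachment; filename="{ascii_fallback}"; filename*=UTF-8\'\'{encoded}'


def serialize_response_headers(headers: list[tuple[str, str]]) -> str:
    """Minimal header writer in the style of a small embedded HTTP server
    (constructed for this example): it trusts its inputs and simply joins
    name: value lines with CRLF."""
    return ''.join(f'{name}: {value}\r\n' for name, value in headers) + '\r\n'


def parse_response_headers(raw: str) -> dict[str, str]:
    """What a client sees: split the block on CRLF, one header per line."""
    parsed: dict[str, str] = {}
    for line in raw.split('\r\n'):
        if not line:
            break
        name, _, value = line.partition(':')
        parsed[name.strip()] = value.strip()
    return parsed


def response_as_seen_by_client(build) -> dict[str, str]:
    """Builds a download response with the given Content-Disposition builder
    and returns the header map a client would parse from it."""
    headers = [
        ('Content-Type', 'application/octet-stream'),
        ('Content-Disposition', build(INJECTED_NAME)),
    ]
    return parse_response_headers(serialize_response_headers(headers))


if __name__ == '__main__':
    print('vulnerable:', response_as_seen_by_client(content_disposition_vulnerable))
    print('hardened:  ', response_as_seen_by_client(content_disposition_safe))
```

With the vulnerable builder the client's header map contains an attacker-chosen Set-Cookie entry; with the hardened builder the injected text survives only as harmless characters inside the filename value. Real frameworks usually reject CR and LF at the header-setting layer as well, but a firmware or hand-rolled server may not, which is why the filename itself has to be cleaned before it reaches the header.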
CVE-2021-22857
The CGE page with the download function contains a Directory Traversal vulnerability. Attackers can use this flaw to download system files arbitrarily...
python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py
A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...
Nextcloud: Bypass hide download Nextcloud Share
Summary Hello everyone, while accidentally browsing through Nextcloud, I found a small vulnerability on the Nextcloud server. This vulnerability allows downloading the file when the download function has been hidden. Here are the error details. If anything is wrong please respond to me. Thank you...
CVE-2019-1877 Cisco Enterprise Chat and Email Attachment Download Vulnerability
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...
Arbitrary File Read Vulnerability in Isthmus Electronic Document Security Management System
The Electronic Document Security Management System (abbreviated CDG) is electronic document security protection software. An arbitrary file read vulnerability exists in the IZP Electronic Document Security Management System. The download function somewhere in the Yisetong Electronic Document Security...
CVE-2018-11495
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the downloadid. For example, an attacker can download ../../config.php...
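The download-function traversal entries above (QSAN Storage Manager, the CGE page, OpenCart's `../../config.php`) and the pip entry share one root cause: a name chosen by the other side is joined to a base directory and used as-is. On the server the name comes from the request; in pip's case the client trusts the filename in the server's Content-Disposition header. The following added example is not code from any project listed on this page; the base directories, headers and helper names are constructed here, and it shows the blind join beside a confined join for both directions.

```python
"""Added example (not code from QSAN, OpenCart, pip or any other project on
this page): the two faces of download-function path traversal.

1. Server side: a download handler joins a user-supplied name to a base
   directory. Without confinement, ../../config.php or an absolute path
   escapes the directory.
2. Client side: a downloader takes the filename from the server's
   Content-Disposition header and writes to it. Without reducing it to a
   basename, a malicious server chooses where the file lands.
"""
from __future__ import annotations

import os
import re


# --- server side: serving a file from a download directory -----------------

def resolve_download_path_unsafe(base_dir: str, requested: str) -> str:
    """Blind join: the request decides the final path (the bug)."""
    return os.path.normpath(os.path.join(base_dir, requested))


def resolve_download_path_safe(base_dir: str, requested: str) -> str:
    """Join, canonicalise (symlinks and .. resolved), then prove the result
    still lives strictly under base_dir; an absolute requested path replaces
    base_dir in os.path.join, so the containment check catches that too."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if target == base or os.path.commonpath([base, target]) != base:
        raise PermissionError(f'refusing to serve {requested!r}: outside {base}')
    return target


# --- client side: choosing where a downloaded file is written ---------------

# Minimal parser for the plain filename= parameter (quoted or token form);
# the RFC 5987 filename*= form is deliberately not handled here.
_FILENAME_PARAM = re.compile(
    r';\s*filename\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^;\s]+))', re.IGNORECASE)


def filename_from_content_disposition(header: str) -> str | None:
    """Returns the raw filename parameter, or None if there is none."""
    match = _FILENAME_PARAM.search(header)
    if not match:
        return None
    return match.group(1) if match.group(1) is not None else match.group(2)


def sanitize_download_filename(name: str, fallback: str = 'download') -> str:
    """Keeps only the last path component (Windows or POSIX separators),
    strips control characters, and refuses the '.' and '..' entries."""
    leaf = os.path.basename(name.replace('\\', '/'))
    leaf = re.sub(r'[\x00-\x1f\x7f]', '', leaf)
    if leaf in ('', '.', '..'):
        return fallback
    return leaf


def destination_unsafe(download_dir: str, content_disposition: str) -> str:
    """Trusts the server's filename verbatim (the bug)."""
    name = filename_from_content_disposition(content_disposition) or 'download'
    return os.path.normpath(os.path.join(download_dir, name))


def destination_safe(download_dir: str, content_disposition: str) -> str:
    """Reduces the server's filename to a basename before joining."""
    raw = filename_from_content_disposition(content_disposition) or ''
    return os.path.join(download_dir, sanitize_download_filename(raw))


if __name__ == '__main__':
    # Constructed inputs: an OpenCart-style traversal request and a malicious
    # Content-Disposition header of the kind the pip entry describes.
    base = '/srv/app/storage/download'
    print(resolve_download_path_unsafe(base, '../../config.php'))
    try:
        resolve_download_path_safe(base, '../../config.php')
    except PermissionError as exc:
        print(exc)
    header = 'attachment; filename="../.bashrc"'
    print(destination_unsafe('/home/alice/Downloads', header))
    print(destination_safe('/home/alice/Downloads', header))
```

The server-side check compares canonical paths rather than scanning the input for `..`, so encoded or symlinked variants are handled the same way as the plain payload; the client-side fix mirrors what the pip advisory implies, keeping only the basename of whatever the server sends.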
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal Vulnerabilities Summary The following advisory describes two vulnerabilities, a Path Traversal and a Missing Function Level Access Control, in Sophos XG Firewall 16.05.4 MR-4. Sophos XG Firewall provides “unprecedented visibility into your network...
CVE-2017-3843
A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.50...
portal.polaniec.eu XSS vulnerability
Vulnerable URL: http://portal.polaniec.eu/pl/kalendarz/pobierz.ajax?jsoncallback=prompt/OPENBUGBOUNTY/...
Arbitrary File Download Vulnerability in Mixcall Seat Management System record_download Function
The Mixcall seat management system is based on a B/S architecture; management personnel can log into the Mixcall seat management center directly from a computer and view the details of the seat personnel's voice services. An arbitrary file download vulnerability exists in t...