Lucene search
K

64 matches found

Cvelist
Cvelist
added 2025/10/09 8:20 p.m.10 views

CVE-2025-35052 Newforma Info Exchange (NIX) shared hard-coded secret key

Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...

6.3CVSS0.00347EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2010-2346

Malware in sbrugna...

5CVSS6.4AI score0.02353EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-2344

Malware in sbrugna...

5CVSS6.4AI score0.03177EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2025/08/27 12:0 a.m.4 views

Mahara < 23.04.9, 24.04.5 Multiple Vulnerabilities

Mahara is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara"; if description...

8.8CVSS7.8AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2025/06/26 1:44 a.m.27 views

CVE-2025-5588

CVE-2025-5588 : The Image Editor by Pixo WordPress plugin is vulnerable to a Stored Cross-Site Scripting (Stored XSS) via the download parameter. Affected versions are up to and including 2.3.6. The issue arises from insufficient input sanitization and output escaping, enabling an authenticated a...

6.4CVSS5.6AI score0.00225EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 2:49 a.m.10 views

CVE-2010-2336

index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter...

5CVSS7.2AI score0.02353EPSS
Exploits1References1
OSV
OSV
added 2025/02/12 10:15 a.m.3 views

CVE-2024-13435

The Ebook Downloader plugin for WordPress is vulnerable to SQL Injection via the 'download' parameter in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS7.3AI score0.00435EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.5 views

PT-2025-6459 · WordPress · Ebook Downloader

Name of the Vulnerable Software and Affected Versions: Ebook Downloader plugin for WordPress versions prior to 1.1 Description: The issue is related to SQL Injection via the download parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the...

7.5CVSS9.7AI score0.00435EPSS
Exploits0References8
OSV
OSV
added 2024/01/24 12:0 a.m.16 views

CVE-2023-24676

An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a...

7.2CVSS7.2AI score0.01312EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/12/29 12:0 a.m.6 views

QR Code Generator Cross-Site Scripting Vulnerability

QR Code Generator is a QR code generator website. A cross-site scripting vulnerability exists in code-projects QR Code Generator version 1.0, which stems from the parameter file in the file /download.php?file=author.png that causes cross-site scripting...

6.1CVSS6.3AI score0.00514EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/09/20 2:15 p.m.4 views

CVE-2023-43206

D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function webcertdownloadhandler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter...

9.8CVSS7.5AI score0.02328EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/07/20 12:0 a.m.8 views

Dooblou WiFi File Explorer 跨站脚本漏洞

Dooblou WiFi File Explorer is a free WiFi file explorer from Dooblou. A cross-site scripting vulnerability exists in Dooblou WiFi File Explorer version 1.13.3, which stems from the parameter search/order/download/mode that causes cross-site scripting...

5.4CVSS4.2AI score0.00507EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.8 views

PT-2022-26845 · Unknown · Simple E-Learning System

Name of the Vulnerable Software and Affected Versions: Simple E-Learning System version 1.0 Description: An information disclosure issue exists in the component "vcs/downloadFiles.php?download=./search.php" of Simple E-Learning System, allowing attackers to read arbitrary files. Recommendations:...

7.5CVSS7.1AI score0.00706EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/10/13 12:0 a.m.5 views

OcoMon SQL注入漏洞

OcoMon is a helpdesk system from the personal developer Rafael Foster. It is designed to manage integrated inventory control that supports tickets and computing devices. An SQL injection vulnerability exists in OcoMon version v4.0, which stems from the cod parameter in download.php being vulnerab...

9.8CVSS8.5AI score0.00752EPSS
Exploits1References2
OSV
OSV
added 2022/07/05 4:15 p.m.6 views

CVE-2022-34878

SQL Injection vulnerability in User Stats interface /vicidial/userstats.php of VICIdial via the filedownload parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and beco...

8.8CVSS5.9AI score0.03431EPSS
Exploits1References2
NVD
NVD
added 2022/02/24 3:15 p.m.23 views

CVE-2020-27467

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php...

7.8CVSS0.15737EPSS
Exploits1References1
OSV
OSV
added 2022/02/24 3:15 p.m.3 views

CVE-2020-27467

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php...

7.5CVSS5.8AI score0.15737EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/02/24 12:0 a.m.5 views

Lfi-ProcessWire Cms 路径遍历漏洞

Ryan Cramer Design Lfi-ProcessWire Cms is a free Content Management System Cms and Framework Cmf from Ryan Cramer Design USA designed to save you time and work the way you want. A path traversal vulnerability exists in Ryan Cramer Design Lfi-ProcessWire Cms versions prior to 2.7.1, which stems fr...

7.8CVSS7.3AI score0.15737EPSS
Exploits1References2
NVD
NVD
added 2021/10/22 8:15 p.m.18 views

CVE-2020-36486

Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting XSS vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling...

6.1CVSS0.00702EPSS
Exploits1References1
OSV
OSV
added 2021/07/22 5:15 p.m.3 views

CVE-2021-26698

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and the dl parameter is used...

6.1CVSS6.4AI score0.01428EPSS
Exploits2References3
Rows per page
Query Builder