107 matches found
CVE-2017-15959
Adult Script Pro 2.2.4 allows SQL Injection via the PATHINFO to a /download URI, a different vulnerability than CVE-2007-6576...
S-CMS V3.0 build20170601 has an arbitrary file download vulnerability
S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. S-CMS V3.0 build20170601 '/admin/download.asp' page has an arbitrary file download vulnerability, allowing attackers to exploit the vulnerability to download database information...
CVE-2017-6564
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as...
Arbitrary File Download Vulnerability in ShowDownloadFile Function of Tibco Call Center System
The core of Tibco's call center system is a communication-based system for internal and external corporate communication. An arbitrary file download vulnerability exists in the showDownloadFile function of the ITS Call Center System. The vulnerability file is:...
chromium-browser: android downloaded file path restriction bypass
The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors...
Zip Attachments <= 1.1.4 - Arbitrary File Download
The zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file. PoC http://www.example.com/wp-content/plugins/zip-attachments/download.php?zafile=../../../../../etc/passwdfilename=passwd...
Windows Object Packager Insecure Execution
Added: 01/24/2012 CVE: CVE-2012-0009 BID: 51297 OSVDB: 78212 Background Windows Object Packager is a tool that can be used to create a package that can be inserted into a file. Problem A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on networ...