Lucene search
K

107 matches found

OSV
OSV
added 2017/10/29 6:29 a.m.5 views

CVE-2017-15959

Adult Script Pro 2.2.4 allows SQL Injection via the PATHINFO to a /download URI, a different vulnerability than CVE-2007-6576...

9.8CVSS5.8AI score0.02066EPSS
Exploits4References2
CNVD
CNVD
added 2017/06/07 12:0 a.m.4 views

S-CMS V3.0 build20170601 has an arbitrary file download vulnerability

S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. S-CMS V3.0 build20170601 '/admin/download.asp' page has an arbitrary file download vulnerability, allowing attackers to exploit the vulnerability to download database information...

7AI score
Exploits0
OSV
OSV
added 2017/05/01 7:59 p.m.1 views

CVE-2017-6564

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as...

6.5CVSS5.8AI score0.00815EPSS
Exploits0References2
CNVD
CNVD
added 2016/11/01 12:0 a.m.3 views

Arbitrary File Download Vulnerability in ShowDownloadFile Function of Tibco Call Center System

The core of Tibco's call center system is a communication-based system for internal and external corporate communication. An arbitrary file download vulnerability exists in the showDownloadFile function of the ITS Call Center System. The vulnerability file is:...

7AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/04/18 7:25 a.m.5 views

chromium-browser: android downloaded file path restriction bypass

The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors...

7.5CVSS7.4AI score0.01462EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2015/06/12 12:0 a.m.14 views

Zip Attachments <= 1.1.4 - Arbitrary File Download

The zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file. PoC http://www.example.com/wp-content/plugins/zip-attachments/download.php?zafile=../../../../../etc/passwdfilename=passwd...

5CVSS0.6AI score0.15646EPSS
Exploits2References1Affected Software1
Saint
Saint
added 2012/01/24 12:0 a.m.47 views

Windows Object Packager Insecure Execution

Added: 01/24/2012 CVE: CVE-2012-0009 BID: 51297 OSVDB: 78212 Background Windows Object Packager is a tool that can be used to create a package that can be inserted into a file. Problem A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on networ...

9.3CVSS5.9AI score0.20561EPSS
Exploits4
Rows per page
Query Builder