112 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-7333
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile'...
CVE-2025-52237
An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal...
CVE-2025-52237
An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal...
CVE-2025-49303 WordPress Frontend Admin by DynamiApps plugin <= 3.28.7 - Arbitrary File Download Vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Path Traversal.This issue affects Frontend Admin by DynamiApps: from n/a through = 3.28.7...
H3C SecCenter SMP-E1114P02 路径遍历漏洞
H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C. A path traversal vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from path traversal due to incorrect operation of the parameter Name in the file...
PT-2025-5875 · Unknown · Goldpankit Eva-Server
Name of the Vulnerable Software and Affected Versions: GoldPanKit eva-server version 4.1.0 Description: A vulnerability has been identified that affects the path parameter of the "/api/resource/local/download" endpoint. Manipulation of this path parameter can lead to arbitrary file download...
GetSimple CMS 安全漏洞
GetSimple CMS is a content management system from GetSimple CMS open source. A security vulnerability exists in GetSimple CMS version 3.3.19, which originates from the download address of a plugin in the backend management system, and can enable server-side request forgery attacks...
SUSE CVE-2024-54132
The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from ...
DEBIAN-CVE-2024-54132
The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from ...
UBUNTU-CVE-2024-54132
The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from ...
CVE-2024-48735
Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...
SAS Studio 安全漏洞
SAS Studio is a Web browser-based programming environment from SAS. A security vulnerability exists in SAS Studio version 9.4. A remote attacker could exploit the vulnerability to access internal files by manipulating the default path during file download...
PT-2024-33195 · Sas · Sas Studio
Name of the Vulnerable Software and Affected Versions: SAS Studio version 9.4 Description: The issue allows a remote attacker to access internal files by manipulating the default path during file download through the /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath endpoint, using...
Command Injection
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Command Injection via the flashgot API and the download process. An attacker can execute arbitrary code by manipulating the download path to target the...
CVE-2024-2318 ZKTeco ZKBio Media Service Port 9999 download path traversal
A vulnerability was found in ZKTeco ZKBio Media 2.0.0x642024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbiomedia.sql...
Rebuild Information Disclosure Vulnerability
Rebuild is a highly customizable enterprise management system. An information disclosure vulnerability exists in Rebuild 3.5.5 and earlier versions, which stems from a security issue in the QiniuCloud.getStorageFile function in /filex/proxy-download, which leads to information disclosure via the...
PT-2024-16113 · Rebuild · Rebuild
Name of the Vulnerable Software and Affected Versions: Rebuild versions up to 3.5.5 Description: A problematic vulnerability was found in Rebuild. The getStorageFile function of the file /filex/proxy-download is affected. The manipulation of the url argument leads to cross-site scripting. The...
Rebuild Cross-Site Scripting Vulnerability
Rebuild is a highly customizable enterprise management system. A cross-site scripting vulnerability exists in Rebuild version 3.5.5, which stems from a cross-site scripting vulnerability in the url parameter of the getStorageFile function of file /filex/proxy-download...
Cross site scripting
An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting XSS vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the...
go-bbs 代码问题漏洞
go-bbs is a switchable template BBS social blogging system based on Beego development. A security vulnerability exists in go-bbs v1, which was discovered via component/api/v1/download and contains an arbitrary file download vulnerability...