Lucene search
K

107 matches found

CNNVD
CNNVD
added 2022/09/16 12:0 a.m.5 views

TestLink 安全漏洞

TestLink is a suite of open source software from the TestLink team for managing the software testing process and providing statistical analysis. A security vulnerability exists in TestLink version v1.9.20, which stems from /lib/attachments/attachmentdownload.php containing an incorrect access...

7.2CVSS7.1AI score0.01084EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.4 views

74cms 跨站脚本漏洞

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability that originates from the path /company/downresume/total/nature lack of data validation filtering of user-supplied data and output. An attacker...

6.1CVSS5.6AI score0.00632EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2022/03/31 12:0 a.m.273 views

IdeaRE RefTree Path Traversal

=============================================================================== title: IdeaRE RefTree Download Path Traversal product: IdeaRE RefTree =============================================================================== EXECUTIVE SUMMARY RefTree is a web application made for managing...

0.3AI score0.02823EPSS
Exploits2
OSV
OSV
added 2022/03/25 7:15 p.m.3 views

CVE-2022-25606

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered in WP-DownloadManager WordPress plugin versions = 1.68.6. Vulnerable parameters &downloadpath, &downloadpathurl, &downloadpageurl, &downloadcategories...

5.4CVSS5.8AI score0.00544EPSS
Exploits0References2
OSV
OSV
added 2022/03/18 6:15 p.m.4 views

CVE-2022-25605

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered in WP-DownloadManager WordPress plugin versions = 1.68.6. Vvulnerable parameters &downloadpath, &downloadpathurl, &downloadpageurl...

5.4CVSS5.8AI score0.00541EPSS
Exploits0References2
OSV
OSV
added 2022/02/09 10:22 p.m.354 views

GHSA-R8F7-9PFQ-MJMV Improper Certificate Validation in node-sass

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...

5.3CVSS5.3AI score0.0082EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.5 views

taoCMS 安全漏洞

Taocms is a micro Cms content management system in China.TaoCMS has an arbitrary file reading vulnerability that can be exploited by attackers via admin.php?action=file & ctrl=download & path=... /... /1.txt to read any file...

4.9CVSS5.8AI score0.01017EPSS
Exploits1References2
OSV
OSV
added 2021/11/22 9:15 a.m.9 views

CVE-2021-38146

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...

7.5CVSS6AI score
Exploits0References2
CNNVD
CNNVD
added 2021/10/18 12:0 a.m.4 views

OpenOlat 路径遍历漏洞

OpenOLAT is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a Learning Management System. A security vulnerability exists in OpenOlat that stems from an attacker's ability to modify the path to a requested file download in the folder component by...

7.7CVSS7.5AI score0.012EPSS
Exploits0References3
OSV
OSV
added 2021/01/11 7:15 p.m.0 views

DEBIAN-CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...

5.3CVSS7.1AI score0.0082EPSS
Exploits0References1
NVD
NVD
added 2021/01/11 7:15 p.m.15 views

CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...

5.3CVSS6.5AI score0.0082EPSS
Exploits0References1
OSV
OSV
added 2021/01/11 7:15 p.m.12 views

AZL-27653 CVE-2020-24025 affecting package reaper for versions less than 3.1.1-9

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...

5.3CVSS6.7AI score0.0082EPSS
Exploits0References1
OSV
OSV
added 2021/01/11 7:15 p.m.3 views

UBUNTU-CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...

5.3CVSS7.2AI score0.0082EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/01/11 6:14 p.m.23 views

CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...

5.8AI score0.0082EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2021/01/11 6:14 p.m.106 views

CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...

5.3CVSS6.7AI score0.0082EPSS
Exploits0
OSV
OSV
added 2019/09/08 5:15 p.m.6 views

CVE-2019-16104

Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATHINFO...

6.1CVSS6.4AI score0.00818EPSS
Exploits1References1
CNVD
CNVD
added 2019/03/28 12:0 a.m.3 views

Directory Traversal Vulnerability in Xinhuo Co-ordination Office System Backend

Xinhuo Co-operation Office System is an open source and cross-platform office system. There is a directory traversal vulnerability in the background of the Xinhao Collaboration Office System, an attacker logging in to the system by modifying the file path when downloading files can traverse the...

6.9AI score
Exploits0
OSV
OSV
added 2017/12/27 5:8 p.m.2 views

CVE-2017-17876

Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter...

7.5CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2017/12/27 5:8 p.m.2 views

CVE-2017-17876

Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter...

7.5CVSS5.6AI score0.09542EPSS
Exploits5References2
CNVD
CNVD
added 2017/11/03 12:0 a.m.6 views

Adult Script Pro SQL Injection Vulnerability

Adult Script Pro is an online multimedia website builder. The system has modules for video viewing, news and user registration. A SQL injection vulnerability exists in Adult Script Pro version 2.2.4. A remote attacker can exploit this vulnerability by sending PATHINFO to the /download URI to inje...

9.8CVSS8.2AI score0.02066EPSS
Exploits4References1
Rows per page
Query Builder