107 matches found
TestLink 安全漏洞
TestLink is a suite of open source software from the TestLink team for managing the software testing process and providing statistical analysis. A security vulnerability exists in TestLink version v1.9.20, which stems from /lib/attachments/attachmentdownload.php containing an incorrect access...
74cms 跨站脚本漏洞
74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability that originates from the path /company/downresume/total/nature lack of data validation filtering of user-supplied data and output. An attacker...
IdeaRE RefTree Path Traversal
=============================================================================== title: IdeaRE RefTree Download Path Traversal product: IdeaRE RefTree =============================================================================== EXECUTIVE SUMMARY RefTree is a web application made for managing...
CVE-2022-25606
Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered in WP-DownloadManager WordPress plugin versions = 1.68.6. Vulnerable parameters &downloadpath, &downloadpathurl, &downloadpageurl, &downloadcategories...
CVE-2022-25605
Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered in WP-DownloadManager WordPress plugin versions = 1.68.6. Vvulnerable parameters &downloadpath, &downloadpathurl, &downloadpageurl...
GHSA-R8F7-9PFQ-MJMV Improper Certificate Validation in node-sass
Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
taoCMS 安全漏洞
Taocms is a micro Cms content management system in China.TaoCMS has an arbitrary file reading vulnerability that can be exploited by attackers via admin.php?action=file & ctrl=download & path=... /... /1.txt to read any file...
CVE-2021-38146
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...
OpenOlat 路径遍历漏洞
OpenOLAT is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a Learning Management System. A security vulnerability exists in OpenOlat that stems from an attacker's ability to modify the path to a requested file download in the folder component by...
DEBIAN-CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
AZL-27653 CVE-2020-24025 affecting package reaper for versions less than 3.1.1-9
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
UBUNTU-CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
CVE-2019-16104
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATHINFO...
Directory Traversal Vulnerability in Xinhuo Co-ordination Office System Backend
Xinhuo Co-operation Office System is an open source and cross-platform office system. There is a directory traversal vulnerability in the background of the Xinhao Collaboration Office System, an attacker logging in to the system by modifying the file path when downloading files can traverse the...
CVE-2017-17876
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter...
CVE-2017-17876
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter...
Adult Script Pro SQL Injection Vulnerability
Adult Script Pro is an online multimedia website builder. The system has modules for video viewing, news and user registration. A SQL injection vulnerability exists in Adult Script Pro version 2.2.4. A remote attacker can exploit this vulnerability by sending PATHINFO to the /download URI to inje...