422 matches found

NVD
added 2020/09/17 6:15 p.m., 12 views

CVE-2020-25729

ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...

6.1 CVSS, 0.01211 EPSS
Exploits: 0, References: 3

Prion
added 2020/09/17 6:15 p.m., 17 views

Design/Logic Flaw

ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...

4.3 CVSS, 5.9 AI score, 0.01211 EPSS
Exploits: 0, References: 3, Affected Software: 1

UbuntuCve
added 2020/09/17 6:15 p.m., 17 views

CVE-2020-25729

ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...

6.1 CVSS, 6.4 AI score, 0.01211 EPSS
Exploits: 0, References: 4

CVE
added 2020/09/17 5:14 p.m., 79 views

CVE-2020-25729

ZoneMinder prior to 1.34.21 is affected by a cross-site scripting (XSS) vulnerability via the connkey parameter in download.php or export.php. The issue is documented across multiple sources (NVD, RH, CNVD, OSV, etc.) with the same description, indicating the vulnerability stems from unsanitized ...

6.1 CVSS, 5.8 AI score, 0.01211 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2020/09/17 5:14 p.m., 16 views

CVE-2020-25729

ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...

6 AI score, 0.01211 EPSS
Exploits: 0, References: 3

AlpineLinux
added 2020/09/17 5:14 p.m., 36 views

CVE-2020-25729

ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...

6.1 CVSS, 6.1 AI score, 0.01211 EPSS
Exploits: 0

Exploit DB
added 2020/05/06 12:0 a.m., 177 views

MPC Sharj 3.11.1 - Arbitrary File Download

Exploit title : MPC Sharj 3.11.1 - Arbitrary File Download Exploit Author : SajjadBnd Date : 2020-05-02 Software Link : http://dl.nuller.ir/mpc-sharj-vr3.11.1betawww.nuller.ir.zip Tested on : Ubuntu 19.10 Version : 3.11.1 Beta DESCRIPTION MPC Sharj is a free open source script for creating sim ca...

7.4 AI score
Exploits: 0

Packet Storm
added 2020/04/29 12:0 a.m., 84 views

School ERP Pro 1.0 Arbitrary File Read

Exploit Title: School ERP Pro 1.0 - Arbitrary File Read Date: 2020-04-28 Author: Besim ALTINOK Vendor Homepage: http://arox.in Software Link: https://sourceforge.net/projects/school-erp-ultimate/ Version: latest version Tested on: Xampp Credit: İsmail BOZKURT CVE: N/A Vulnerable code:...

0.1 AI score
Exploits: 0

0day.today
added 2020/03/17 12:0 a.m., 111 views

UADMIN Botnet SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: UADMIN Botnet - SQL Injection Vulnerability Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: unkn0wn Version: unkn0wn Tested on: Windows 10, Kali CVE : n/a Vuln-Code: download.php $link=$_GET['link'];...

0.2 AI score
Exploits: 0

Exploit DB
added 2020/03/17 12:0 a.m., 38 views

UADMIN Botnet 1.0 - 'link' SQL Injection

Exploit Title: UADMIN Botnet 1.0 - 'link' SQL Injection Google Dork: n/a Date: 2020-03-16 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: unkn0wn Version: unkn0wn Tested on: Windows 10, Kali CVE : n/a Vuln-Code: download.php $link=$_GET['link']; $agent=esc($_SERVER['HTTP_USER_AGENT']);...

7.4 AI score
Exploits: 0

CVE
added 2020/03/12 1:3 p.m., 82 views

CVE-2020-10387

CVE-2020-10387 describes a path traversal vulnerability in Chadha PHPKB Standard Multi-Language 9, exposed via the admin/download.php endpoint. The flaw allows traversal of the server file system through the GET parameter “file” (using dot-dot-slash sequences), enabling arbitrary file download. P...

4.9 CVSS, 5 AI score, 0.07844 EPSS
Exploits: 5, References: 4, Affected Software: 1

Prion
added 2019/10/10 5:15 p.m., 9 views

Directory traversal

The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter...

5 CVSS, 7.2 AI score, 0.0366 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2019/10/10 4:14 p.m., 16 views

CVE-2015-9473

The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter...

7.7 AI score, 0.0366 EPSS
Exploits: 1, References: 1

Cvelist
added 2019/10/10 4:8 p.m., 16 views

CVE-2015-9470

The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter...

7.8 AI score, 0.04126 EPSS
Exploits: 1, References: 2

NVD
added 2019/09/26 4:15 p.m., 12 views

CVE-2019-16894

download.php in inoERP 4.15 allows SQL injection through insecure deserialization...

9.8 CVSS, 9.9 AI score, 0.03022 EPSS
Exploits: 1, References: 1

Prion
added 2019/09/26 4:15 p.m., 13 views

Sql injection

download.php in inoERP 4.15 allows SQL injection through insecure deserialization...

7.5 CVSS, 9.8 AI score, 0.03022 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2019/09/26 2:34 p.m., 18 views

CVE-2019-16894

download.php in inoERP 4.15 allows SQL injection through insecure deserialization...

9.9 AI score, 0.03022 EPSS
Exploits: 1, References: 1

CVE
added 2019/09/26 2:34 p.m., 81 views

CVE-2019-16894

CVE-2019-16894 concerns inoERP 4.15, where download.php is vulnerable to SQL injection via insecure deserialization. The root cause is insecure handling of serialized data in the download path, enabling an attacker to manipulate SQL queries and potentially extract or alter data. The vulnerability...

9.8 CVSS, 9.8 AI score, 0.03022 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2019/09/20 7:34 p.m., 21 views

CVE-2014-10397

The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php...

7.6 AI score, 0.03208 EPSS
Exploits: 1, References: 1

BDU FSTEC
added 2019/06/05 12:0 a.m., 3 views

Vulnerability of the handler/script in the “download.php” file of the information system development platform: An exploit that allows an attacker to read arbitrary files on the server.

The vulnerability in the handler/download.php script of the information system development platform exists due to insufficient checking of the POST parameter filename. Exploiting this vulnerability allows a malicious actor to read the contents of arbitrary files on the server using a specially...

7.8 CVSS, 5.7 AI score
Exploits: 0, Affected Software: 1