422 matches found

NVD
added 2019/05/09 6:29 p.m. | 21 views

CVE-2017-12761

http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is:...

CVSS 7.5 | AI score 7.8 | EPSS 0.02533
Exploits: 1 | References: 4
Prion
added 2019/05/09 6:29 p.m. | 10 views

Sql injection

http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is:...

CVSS 5 | AI score 7.8 | EPSS 0.02533
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2019/05/09 5:06 p.m. | 28 views

CVE-2017-12761

http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is:...

AI score 7.8 | EPSS 0.02533
Exploits: 1 | References: 4
CVE
added 2019/04/30 7:39 p.m. | 44 views

CVE-2019-11611

DoorGets 7.0 is affected by a sensitive information disclosure in /fileman/php/download.php. A remote unauthenticated attacker can exploit this to obtain server‑sensitive information. The connected records corroborate the issue but do not provide the root cause details, affected versions beyond 7...

CVSS 7.5 | AI score 7.2 | EPSS 0.03869
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2019/02/04 7:29 p.m. | 25 views

CVE-2019-7332

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted...

CVSS 6.1 | AI score 5.9 | EPSS 0.009
Exploits: 1 | References: 1
UbuntuCve
added 2019/02/04 7:29 p.m. | 27 views

CVE-2019-7332

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted...

CVSS 6.1 | AI score 7 | EPSS 0.009
Exploits: 1 | References: 3
Prion
added 2019/02/04 7:29 p.m. | 20 views

Cross site scripting

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted...

CVSS 4.3 | AI score 6 | EPSS 0.009
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2019/02/04 7:29 p.m. | 3 views

UBUNTU-CVE-2019-7333

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted...

CVSS 6.1 | AI score 7 | EPSS 0.00873
Exploits: 1 | References: 3
Exploit DB
added 2019/01/16 12:00 a.m. | 56 views

doorGets CMS 7.0 - Arbitrary File Download

Exploit Title: doorGets CMS 7.0 - Arbitrary File Download Dork: N/A Date: 2019-01-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.doorgets.com/ Software Link: https://netix.dl.sourceforge.net/project/doorgets-cms/doorGets%20CMS%20V7/doorGetsCMSV7.0.zip Version: 7.0 Category: Webapps...

AI score 7
Exploits: 0
Openbugbounty
added 2018/11/09 4:52 p.m. | 9 views

sendtransfer.com XSS vulnerability

Open Bug Bounty ID: OBB-696544. Affected Website: sendtransfer.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...

Exploits: 0
NVD
added 2018/10/29 12:29 p.m. | 28 views

CVE-2016-10732

ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?fileid=1, or process-zip-download.php, or adduserform parameters to users-add.php...

CVSS 9.8 | AI score 9.6 | EPSS 0.01855
Exploits: 0 | References: 1
Prion
added 2018/10/29 12:29 p.m. | 15 views

Directory traversal

ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string...

CVSS 7.5 | AI score 7.1 | EPSS 0.02131
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2018/10/29 12:29 p.m. | 10 views

Sql injection

ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the...

CVSS 7.5 | AI score 8.3 | EPSS 0.01421
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2018/10/28 3:00 a.m. | 44 views

CVE-2016-10731

CVE-2016-10731 affects ProjectSend (formerly cFTP) r582 and enables SQL injection via multiple PHP endpoints: manage-files.php (status, files), clients.php (selected_clients, status), process-zip-download.php (file), or home-log.php (action). Root cause: input parameters are used in SQL queries w...

CVSS 9.8 | AI score 9.9 | EPSS 0.01421
Exploits: 0 | References: 1 | Affected Software: 1
0day.today
added 2018/10/15 12:00 a.m. | 102 views

FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Vulnerability

Exploit for hardware platform in category web applications Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 OS...

AI score 7.1
Exploits: 0
0day.today
added 2018/09/24 12:00 a.m. | 54 views

Joomla CW Article Attachments 1.0.6 - id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! CW Article Attachments 1.0.6 - 'id' SQL Injection Exploit Author: Haboob Team Software Link: https://extensions.joomla.org/extension/cw-article-attachments/ Version: below 1.0.6 CVE : CVE-2018-14592...

EPSS 0.03113
Exploits: 5
Packet Storm
added 2018/09/24 12:00 a.m. | 51 views

Joomla CW Article Attachments 1.0.6 SQL Injection

Exploit Title: Joomla! CW Article Attachments 1.0.6 - 'id' SQL Injection Date: 2018-09-20 Exploit Author: Haboob Team Software Link: https://extensions.joomla.org/extension/cw-article-attachments/ Version: below 1.0.6 CVE : CVE-2018-14592...

AI score 0.3 | EPSS 0.03113
Exploits: 5
Prion
added 2018/09/20 8:29 p.m. | 23 views

Sql injection

The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php...

CVSS 7.5 | AI score 9.9 | EPSS 0.03113
Exploits: 5 | References: 2 | Affected Software: 2
NVD
added 2018/09/20 8:29 p.m. | 27 views

CVE-2018-14592

The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php...

CVSS 9.8 | AI score 10 | EPSS 0.03113
Exploits: 5 | References: 2
Cvelist
added 2018/09/20 8:00 p.m. | 33 views

CVE-2018-14592

The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php...

AI score 10 | EPSS 0.03113
Exploits: 5 | References: 2