422 matches found
Appnitro MachForm Path Traversal Vulnerability
Appnitro MachForm is a tool for creating responsive forms in web pages from Appnitro Software Indonesia. A path traversal vulnerability exists in Appnitro MachForm versions prior to 4.2.3. The vulnerability can be exploited to access arbitrary files on the system by sending the 'q' parameter to t...
CVE-2018-12042
Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter...
Directory traversal
Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter...
CVE-2018-12042
Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter...
SQL injection
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...
CVE-2018-6409
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding apform table leads to a path traversal vulnerability via the download.php q parameter...
CVE-2018-6409
Summary: CVE-2018-6409 affects Appnitro MachForm
CVE-2018-6410
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...
freeroms.com XSS vulnerability
Open Bug Bounty ID: OBB-618719

Description| Value
---|---
Affected Website:| freeroms.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

WP Background Takeover <= 4.1.4 - Directory Traversal
Allows an attacker to browse files via the download.php file. PoC: http://target.com/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php...
ConverTo Video Downloader&Converter File Download Vulnerability
ConverTo Video Downloader&Converter is an online video download system. A security vulnerability exists in ConverTo Video Downloader&Converter version 1.4.1. The vulnerability can be exploited to download arbitrary files by sending a 'token' parameter to the download.php file...
CVE-2017-15956
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php...
vibieffe.com XSS vulnerability
Open Bug Bounty ID: OBB-338525

Description| Value
---|---
Affected Website:| vibieffe.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

skymetweather.com XSS vulnerability
Vulnerable URL: http://www.skymetweather.com/download.php?filename=prompt/OPENBUGBOUNTY/...
CVE-2017-1002004
Vulnerability in WordPress plugin DTracker v1.5. In file ./dtracker/download.php, user input isn't sanitized via the id variable before adding it to the end of an SQL query...
CVE-2017-13780
The EyesOfNetwork web interface aka eonweb 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/adminconf/download.php file parameter...
Dzzoffice v1.3.1 Arbitrary File Download Vulnerability in Multiple Pages
DzzOffice is an open source cloud storage management tool. Dzzoffice v1.3.1 Arbitrary file download vulnerability exists in the 'pdfviewer.php', 'view.php', 'download.php' and 'attachment.php' pages, which can be exploited by attackers to obtain sensitive information...
Synology Photo Station Directory Traversal Vulnerability (CNVD-2017-06921)
Synology Photo Station is a solution for sharing pictures, videos and blogs over the Internet from Synology, a Chinese company. A directory traversal vulnerability exists in the download.php file in Synology Photo Station versions prior to 6.5.3-3226. A remote attacker can exploit the vulnerabili...
CVE-2016-10331
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter...
GeoMoose <=2.9.2 /php/download.php parameter ext arbitrary file read vulnerability
No description provided by source...