422 matches found

CNVD
added 2018/06/11 12:0 a.m. | 2 views

Appnitro MachForm Path Traversal Vulnerability

Appnitro MachForm is a tool for creating responsive forms in web pages from Appnitro Software Indonesia. A path traversal vulnerability exists in Appnitro MachForm versions prior to 4.2.3. The vulnerability can be exploited to access arbitrary files on the system by sending the 'q' parameter to t...

5.3 CVSS | 6.9 AI score | 0.14764 EPSS
Exploits 5 | References 1
NVD
added 2018/06/07 8:29 p.m. | 15 views

CVE-2018-12042

Roxy Fileman through v1.4.5 has directory traversal via the php/download.php f parameter...

7.5 CVSS | 7.6 AI score | 0.01794 EPSS
Exploits 1 | References 1
Prion
added 2018/06/07 8:29 p.m. | 11 views

Directory traversal

Roxy Fileman through v1.4.5 has directory traversal via the php/download.php f parameter...

5 CVSS | 7.6 AI score | 0.01794 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2018/06/07 8:0 p.m. | 15 views

CVE-2018-12042

Roxy Fileman through v1.4.5 has directory traversal via the php/download.php f parameter...

7.6 AI score | 0.01794 EPSS
Exploits 1 | References 1
Prion
added 2018/05/26 10:29 p.m. | 15 views

SQL injection

An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...

7.5 CVSS | 9.8 AI score | 0.04974 EPSS
Exploits 5 | References 3 | Affected Software 1
Cvelist
added 2018/05/26 10:0 p.m. | 19 views

CVE-2018-6409

An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding apform table leads to a path traversal vulnerability via the download.php q parameter...

6.8 AI score | 0.14764 EPSS
Exploits 5 | References 3
CVE
added 2018/05/26 10:0 p.m. | 95 views

CVE-2018-6409

Summary: CVE-2018-6409 affects Appnitro MachForm

5.3 CVSS | 6.6 AI score | 0.14764 EPSS
Exploits 5 | References 3 | Affected Software 1
Cvelist
added 2018/05/26 10:0 p.m. | 12 views

CVE-2018-6410

An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...

9.9 AI score | 0.04974 EPSS
Exploits 5 | References 3
Openbugbounty
added 2018/05/19 10:32 p.m. | 13 views

freeroms.com XSS vulnerability

Open Bug Bounty ID: OBB-618719
Affected Website: freeroms.com
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1...

Exploits 0
WPVulnDB
added 2018/04/06 12:0 a.m. | 23 views

WP Background Takeover <= 4.1.4 - Directory Traversal

Allows an attacker to browse files via the download.php file. PoC: http://target.com/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php...

5 CVSS | 4.1 AI score | 0.48158 EPSS
Exploits 4 | References 2 | Affected Software 1
CNVD
added 2017/11/03 12:0 a.m. | 1 views

ConverTo Video Downloader&Converter File Download Vulnerability

ConverTo Video Downloader&Converter is an online video download system. A security vulnerability exists in ConverTo Video Downloader&Converter version 1.4.1. The vulnerability can be exploited to download arbitrary files by sending a 'token' parameter to the download.php file...

7.5 CVSS | 7 AI score | 0.04661 EPSS
Exploits 0 | References 1
OSV
added 2017/10/29 6:29 a.m. | 1 views

CVE-2017-15956

ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php...

7.5 CVSS | 5.8 AI score | 0.04661 EPSS
Exploits 0 | References 1
Openbugbounty
added 2017/10/15 2:44 a.m. | 7 views

vibieffe.com XSS vulnerability

Open Bug Bounty ID: OBB-338525
Affected Website: vibieffe.com
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1...

6.3 AI score
Exploits 0
Openbugbounty
added 2017/09/16 5:46 a.m. | 9 views

skymetweather.com XSS vulnerability

Vulnerable URL: http://www.skymetweather.com/download.php?filename=prompt/OPENBUGBOUNTY/...

6.9 AI score
Exploits 0
OSV
added 2017/09/14 1:29 p.m. | 4 views

CVE-2017-1002004

Vulnerability in WordPress plugin DTracker v1.5: in file ./dtracker/download.php, user input isn't sanitized via the id variable before adding it to the end of an SQL query...

7.5 CVSS | 5.8 AI score | 0.03409 EPSS
Exploits 1 | References 3
OSV
added 2017/08/30 5:29 p.m. | 14 views

CVE-2017-13780

The EyesOfNetwork web interface aka eonweb 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/adminconf/download.php file parameter...

7.5 CVSS | 7.1 AI score
Exploits 0 | References 1
CNVD
added 2017/08/14 12:0 a.m. | 2 views

Dzzoffice v1.3.1 Arbitrary File Download Vulnerability in Multiple Pages

DzzOffice is an open source cloud storage management tool. Dzzoffice v1.3.1 Arbitrary file download vulnerability exists in the 'pdfviewer.php', 'view.php', 'download.php' and 'attachment.php' pages, which can be exploited by attackers to obtain sensitive information...

6.8 AI score
Exploits 0
CNVD
added 2017/05/17 12:0 a.m. | 2 views

Synology Photo Station Directory Traversal Vulnerability (CNVD-2017-06921)

Synology Photo Station is a solution for sharing pictures, videos and blogs over the Internet from Synology, a Chinese company. A directory traversal vulnerability exists in the download.php file in Synology Photo Station versions prior to 6.5.3-3226. A remote attacker can exploit the vulnerabili...

7.5 CVSS | 6.9 AI score | 0.0217 EPSS
Exploits 1 | References 1
NVD
added 2017/05/12 8:29 p.m. | 15 views

CVE-2016-10331

Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter...

7.5 CVSS | 7.4 AI score | 0.0217 EPSS
Exploits 1 | References 2
seebug.org
added 2017/04/11 12:0 a.m. | 16 views

GeoMoose <=2.9.2 /php/download.php parameter ext arbitrary file read vulnerability

No description provided by source...

7.1 AI score
Exploits 0