
422 matches found

Openbugbounty
added 2016/04/03 10:19 p.m., 12 views

lsgalilei.org XSS vulnerability

Vulnerable URL: https://www.lsgalilei.org/elearning/claroline/backends/download.php?url=aHR0cDovL2cuZTxzdmcgb25sb2FkPWFsZXJ0KCJYU1NQT1NFRCIpPg===true=INGDIP Details: Patched: No; Latest check for patch: 26.07.2017; Vulnerability type: XSS; Vulnerability status: Publicl...

6.3 AI score
Exploits: 0
seebug.org
added 2016/03/22 12:0 a.m., 14 views

WordPress RedSteel Theme download.php Arbitrary File Download Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
CNVD
added 2016/03/02 12:0 a.m., 1 views

Reflected Cross-Site Scripting Vulnerability in MetInfo Version 5.3.3

MetInfo is an enterprise website management system built on PHP and MySQL. A reflected cross-site scripting vulnerability exists in MetInfo version 5.3.3. An attacker can exploit the vulnerability to conduct cross-site scripting attacks. The vulnerability exists in the following pages:...

6.3 AI score
Exploits: 0
seebug.org
added 2016/01/29 12:0 a.m., 25 views

Joomla Plugin fsave v2.0 download.php Arbitrary File Download Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
Packet Storm
added 2016/01/18 12:0 a.m., 27 views

Joomla Fsave 2.0 Local File Disclosure

Joomla = fsave Plugin Local File Disclosure Vulnerability My + Author : KnocKout Contact : [email protected] Skype : [email protected] HomePage : http://milw00rm.com -...

7.4 AI score
Exploits: 0
seebug.org
added 2016/01/13 12:0 a.m., 37 views

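Netentsec ASG Application Security Gateway /commonplugin/Download.php Arbitrary File Download Vulnerability

0x01 Vulnerability overview: The Netentsec ASG application security gateway has an arbitrary file download vulnerability in /commonplugin/Download.php. A remote attacker can use the licensefile or reqfile parameter combined with .. to download arbitrary files. If the downloaded file is SvrLicense.license, the vulnerability has been fixed; if the downloaded file is the file you included yourself, the vulnerability still exists. 0x02 Vulnerability analysis: The problematic code is as follows: obstart""; header"Expires: Sat, 01 Jan 2000 00:00:00 GMT"; header"Last-Modified: ".gmdate"D, d M Y...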

7.1 AI score
Exploits: 0
Openbugbounty
added 2015/12/02 2:5 p.m., 19 views

moteko.net XSS vulnerability

Vulnerable URL: http://www.moteko.net/portal/download.php?client=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Patched: No; Latest check for patch: 26.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculat...

6.3 AI score
Exploits: 0
0day.today
added 2015/11/18 12:0 a.m., 78 views

LineNity WP Premium Theme Local File Inclusion Vulnerability

LineNity WP premium theme suffers from a local file inclusion vulnerability. Document Title: LineNity WP Premium Theme - File Include Vulnerability. Product & Service Introduction: Linenity wordpress theme is a that features a clean and flexible desi...

6.8 AI score
Exploits: 0
Openbugbounty
added 2015/10/23 8:27 a.m., 4 views

rmdown.com XSS vulnerability

Open Bug Bounty ID: OBB-94419; Affected Website: rmdown.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; Remediation Guide: OWASP XSS Prevention Cheat Sheet...

6.4 AI score
Exploits: 0
seebug.org
added 2015/10/16 12:0 a.m., 13 views

GDL 4.2 download.php&main.php SQL Injection vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2015/10/02 12:0 a.m., 27 views

WordPress DB-Backup Plugin 4.5 /download.php Arbitrary File Download Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
Prion
added 2015/09/15 6:59 p.m., 14 views

Path traversal

Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter...

7.8 CVSS, 7.2 AI score, 0.03263 EPSS
Exploits: 2, References: 3, Affected Software: 1
CVE
added 2015/09/15 6:0 p.m., 59 views

CVE-2015-5472

CVE-2015-5472 affects the WordPress IBS Mappro plugin (prior to version 1.0). A flaw in lib/download.php allows an attacker to perform absolute path traversal by supplying a full pathname in the file parameter, enabling reading of arbitrary files on the server. The vulnerability is confirmed acro...

7.8 CVSS, 9.1 AI score, 0.03263 EPSS
Exploits: 2, References: 3, Affected Software: 1
wpexploit
added 2015/08/06 12:0 a.m., 19 views

MP3-jPlayer <= 2.4.2 - Full Path Disclosure

The download.php code allows arbitrary users to disclose path information on WordPress sites with this plugin installed. $info = " Get: " . $mp3 . " Sent: " . $sent . " File: " . $file . " Open: " . $_SERVER['DOCUMENT_ROOT'] . $fp . " Root: " . $rooturl . " pID: "...

5 CVSS, 1.4 AI score, 0.02093 EPSS
Exploits: 1, References: 1
Exploit DB
added 2015/07/13 12:0 a.m., 30 views

WordPress Plugin Swim Team 1.44.10777 - Arbitrary File Download

Title: Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-02 Download Site: https://wordpress.org/plugins/wp-swimteam Vendor: Mike Walsh www.MichaelWalsh.org Vendor Notified: 2015-07-02, fixed in v1.45beta3 Vendor...

7.4 AI score
Exploits: 0
Patchstack
added 2015/07/10 12:0 a.m., 26 views

WordPress IBS Mappro Plugin <= 0.9 - Absolute Path Traversal

This vulnerability is in lib/download.php. It allows an attacker to read arbitrary files via a full pathname in the "file" parameter. Solution Update the plugin...

7.8 CVSS, 5.7 AI score, 0.03263 EPSS
Exploits: 2, References: 1, Affected Software: 1
WPVulnDB
added 2015/07/03 12:0 a.m., 19 views

Swim Team <= v1.44.10777 - Local File Inclusion

The code in ./wp-swimteam/include/user/download.php doesn't sanitize user input from downloading sensitive system files. PoC $ curl "http://www.vapidlabs.com/wp-content/plugins/wp-swimteam/include/user/download.php?file=/etc/passwd=/etc/passwd=text/html=1=/usr/share/wordpress"...

5 CVSS, 0.32714 EPSS
Exploits: 2, References: 3, Affected Software: 1
wpexploit
added 2015/07/02 12:0 a.m., 17 views

MDC YouTube Downloader <= 2.1.0 - Local File Inclusion

The MDC YouTube Downloader WordPress plugin was affected by a Local File Inclusion security vulnerability. http://www.example.com/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd...

5 CVSS, 7.5 AI score, 0.10148 EPSS
Exploits: 2, References: 3
CNVD
added 2015/06/03 12:0 a.m., 2 views

WordPress Estrutura-Basica theme 'download.php' arbitrary file download vulnerability

WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. Estrutura-Basica is one of the basic structure themes. An arbitrary file download vulnerability exists in the WordPres...

6.9 AI score
Exploits: 0, References: 1
Packet Storm
added 2015/05/25 12:0 a.m., 24 views

WordPress Estrutura-Basica File Disclosure

: Exploit Title : Wordpress estrutura-basica Themes Local File Download Vulnerability : Exploit Author : FullSecurity.org : Vendor Homepage : http://wordpress.org : Date: 2015-13-09 : Tested On : Kali linux : Exploit :...

7 AI score
Exploits: 0