EUVD-2026-17094
Incorrect access control in the filedetails.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allows attackers with editor privileges to access sensitive files via crafted requests...
CVE-2026-29597
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...
EUVD-2014-8592
Malware in sbrugna...
CVE-2024-13494
The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible for unauthenticated attackers to modify user data...
PT-2025-7819 · WordPress · Wordpress File Upload
Name of the Vulnerable Software and Affected Versions: WordPress File Upload plugin versions up to 4.25.2. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the wfu file details function. This allows unauthenticated attackers to modify...
WordPress WordPress File Upload plugin <= 4.25.2 - Cross-Site Request Forgery in wfu_file_details vulnerability
Cross-Site Request Forgery in wfu_file_details vulnerability discovered by Tim Coen in WordPress Plugin WordPress File Upload versions <= 4.25.2...
HCL Technologies DRYiCE MyXalytics Security Breach
HCL Technologies DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE MyXalytics, which originates when certain endpoints within the application expose detailed file information...
CVE-2022-28365
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostnames, system architecture, and...
Information disclosure
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostnames, system architecture, and...
PT-2022-18974 · Reprise · Reprise License Manager
Name of the Vulnerable Software and Affected Versions: Reprise License Manager version 14.2. Description: The issue allows for information disclosure via a GET request to "/goforms/rlminfo" without requiring authentication. The disclosed information includes details about software versions, proces...
Description of the security update for SharePoint Server 2010: October 8, 2019
Summary: This security update resolves a remote code execution vulnerability that exists in Microsoft Excel software when the software fails to correctly handle objects in memory. To learn more about the vulnerability,...
Description of the security update for Excel 2013: September 11, 2018
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...
Description of the security update for the HIDParser elevation of privilege vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: June 12, 2018
Summary: To learn more about the vulnerability, go to CVE-2018-8169. Important: If you install a languag...
Threat Outbreak Alert RuleID32754: Email Messages Distributing Malicious Software on May 10, 2018
Medium. Alert ID: 57857. First Published: 2018 May 10 19:11 GMT. Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID32754) may contain the following files: Name | Size...
Biscom Secure File Transfer Stored Cross-Site Scripting Vulnerability
Biscom Secure File Transfer (SFT) is a Web-based file transfer solution from Biscom USA. The solution has features such as file sharing, workspace creation and automatic file cleanup. In Biscom SFT version 5.1.1015, the 'Name' and 'Description' fields of the workspace and the File Details pane of t...
R7-2017-06 | CVE-2017-5241: Biscom SFT XSS (FIXED)
Summary: The Workspaces component of Biscom Secure File Transfer (SFT) version 5.1.1015 is vulnerable to stored cross-site scripting in two fields. An attacker would need to have the ability to create a Workspace and entice a victim to visit the malicious page in order to run malicious JavaScript in...