100 matches found
Adobe Acrobat Reader DC Annots File ID Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
CVE-2020-27180
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter...
Mattermost Server Input Validation Error Vulnerability (CNVD-2020-35440)
Mattermost Server is an open source messaging platform from the US company Mattermost. An input validation error vulnerability exists in Mattermost Server versions prior to 5.10.0, which can be exploited by an attacker to bypass security restrictions and modify file IDs...
CVE-2019-20870
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID...
Code injection
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID...
Access to all file-versions of a user as soon as he has one share with the attacker – ownCloud
An authenticated attacker can access all versions of all files, even unshared, as soon as the owner of said files has at least one outgoing share with the attacker. The attacker needs to guess a file-id, which is numeric and sequential. Affected: owncloud/core = v10.0.9, owncloud/core...
CVE-2018-6576
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter...
File ID Poisoning
github.com/rfjakob/gocryptfs is vulnerable to file ID poisoning. A malicious user can change the contents of a file while retaining its file ID...
ALPINE-CVE-2016-9102
Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number...
JINGLUN OA system /Systems/user_priv/manage.aspx file id parameter SQL injection vulnerability
No description provided by source...
致翔 OA /OpenWindows/Openleibie_wtMc.aspx file id parameter SQL injection vulnerability
No description provided by source...
HackerOne: Previous attachments can be referenced when creating a new report
Hello. When a user uploads a file in a comment to a report, the user can find the file ID in two ways: 1. In preview mode - in response to the POST method https://hackerone.com/attachments, the answer will be something like this: -"id":84577,"name":"mytestfile.png","size":32397 where fileID = 84577, for example. 2. If user...
Ipswitch MOVEit DMZ MOVEitISAPI Information Disclosure Vulnerability
Ipswitch MOVEit is an automated file transfer system from Ipswitch USA. DMZ and Mobile are among the versions. A security vulnerability exists in the MOVEitISAPI service of Ipswitch MOVEit DMZ because it sends different error messages depending on the presence or absence of a FileID. A remote...
Ultimate PHP Board 2.2.7 - Broken Authentication and Session Management
Ultimate PHP Board 2.2.7 - Broken Authentication and Session Management Exploit Title : Ultimate PHP Board 2.2.7 "Broken Authentication and Session Management" Date : 2011.05.17 Author : i2sec - Gi bum Hong Software Link : http://sourceforge.net/projects/textmb/files/UPB/UPB%202.2.7/ Version :...
CVE-2011-0794
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not...
Buffer overflow
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the companyname parameter to...
CVE-2006-4778
SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some details are obtained from third party information...