22 matches found
EUVD-2019-18380
Malware in sbrugna...
EUVD-2007-4407
Malware in sbrugna...
EUVD-2008-2302
Malware in sbrugna...
EUVD-2016-10021
Malware in sbrugna...
EUVD-2019-13867
Malware in sbrugna...
EUVD-2013-0899
Malware in sbrugna...
EUVD-2024-40404
Malicious code in bioql PyPI...
CVE-2025-7899 Insecure Direct Object Reference in extension "powermail" (powermail)
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...
RHEL 8 : thunderbird (RHSA-2025:10165)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:10165 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: Unsolicited File Download, Disk Space Exhaustio...
SUSE-SU-2025:01660-2 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: - MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential...
CVE-2024-51749
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...
CVE-2022-2981
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup...
CVE-2019-3415
ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by a path traversal vulnerability. Due to path traversal, users can download any files...
CVE-2019-19372
A downloadFile.php downloadfile path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully working exploit...
CVE-2025-46579 ZTE GoldenDB Database product has a DDE injection vulnerability
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed...
CVE-2024-13529
The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialvsenddownloadfile' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers...
CVE-2024-42187 HCL BigFix Patch Download Plug-ins are affected by path traversal vulnerability
BigFix Patch Download Plug-ins are affected by a path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks...
CVE-2024-42182
The CVE-2024-42182 entry concerns HCL BigFix Patch Download Plug-ins and an SSRF flaw that can cause the application to fetch files from an internally hosted server (localhost). The root cause is a server-side request forgery vulnerability in the plug-ins’ handling of local requests. Reported imp...
PT-2023-32464 · WordPress · Hotel Booking Lite
Name of the Vulnerable Software and Affected Versions: Hotel Booking Lite WordPress plugin versions prior to 4.8.5 Description: The issue arises from the plugin's failure to validate file paths provided via user input and its lack of proper CSRF and authorisation checks. This allows unauthenticat...
CVE-2022-43858
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their...