283 matches found
WordPress Candidate Application Form <= 1.3 - Local File Inclusion
WordPress Candidate Application Form <= 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks. id: CVE-2015-1000005 info: name: WordPress Candidate Application Form <= 1.3 - Local File Inclusion author: dhiyaneshDK severity: high...
EUVD-2026-20572
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...
Weintek cMT security vulnerability
Weintek cMT is a human-computer interface application developed by Weintek Corporation. Version 2.1.53 of Weintek cMT contains a security vulnerability. This vulnerability stems from improper access control in the downloadwb.cgi component, which may allow unverified attackers to download...
Explorance Blue security vulnerabilities
Explorance Blue is a learning experience management software developed by the Canadian company Explorance. Versions of Explorance Blue prior to 8.14.13 contained security vulnerabilities. These vulnerabilities stemmed from the Web service component’s ability to allow authenticated remote file...
CVE-2003-1335
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory...
CVE-2017-18923
beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials...
CVE-2022-27644
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files...
Drupal 11.0.x < 11.1.9 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities: - Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden. - Drupal core contains a...
Drupal 8.0.x < 10.4.9 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities: - Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden. - Drupal core contains a...
Man-In-The-Middle (MITM)
Dragonfly is vulnerable to a Man-in-the-Middle (MitM) attack. The vulnerability is due to the scheduler being hardcoded to use the insecure HTTP protocol for downloading tiny files, which allows an attacker to intercept and modify network requests to deliver malicious or altered data...
CVE-2025-10312
The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible for unauthenticated attackers to trigger...
EUVD-2025-34550
The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible for unauthenticated attackers to trigger...
CVE-2025-10312 Theme Importer <= 1.0 - Cross-Site Request Forgery
The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible for unauthenticated attackers to trigger...
PT-2025-41468
Name of the Vulnerable Software and Affected Versions: Newforma Info Exchange (NIX) versions 2023.3 and 2024.1. Description: Newforma Info Exchange (NIX) utilizes a hard-coded key for encrypting query parameters. Certain encrypted parameter values can define file paths for download, potentially...
EUVD-2007-3969
Malware in sbrugna...
EUVD-2020-17067
Malware in sbrugna...
EUVD-2005-1578
Malware in sbrugna...
EUVD-2014-1167
Malware in sbrugna...
EUVD-2017-2784
Malware in sbrugna...
EUVD-2014-8015
Malware in sbrugna...