825 matches found
EUVD-2018-21633
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like...
CVE-2018-25178
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like...
CVE-2018-25178
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like...
CVE-2018-25178
CVE-2018-25178 affects Easyndexer 1.0 and describes an arbitrary file download vulnerability in showtif.php. The issue allows unauthenticated attackers to download sensitive files by sending POST requests with arbitrary file paths in the file parameter, enabling access to configuration and initia...
PT-2026-23690
Name of the Vulnerable Software and Affected Versions Easyndexer version 1.0 Description The software contains a flaw that allows unauthenticated attackers to download sensitive files. This is achieved by manipulating the file parameter within POST requests sent to the ''showtif.php'' endpoint...
CVE-2026-28769
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
CVE-2026-28770
Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...
EUVD-2026-9365
Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...
EUVD-2026-9364
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
CVE-2026-28769
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
CVE-2026-28770
Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...
CVE-2026-28770 XML injection In /IDC_Logging/checkifdone.cgi Endpoint On IDC SFX Web Management Interface Version 101
Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...
CVE-2026-28770
CVE-2026-28770 affects IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The issue is improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script, where input from the file parameter is echoed unsanitized into a CDATA block, enabling an a...
CVE-2026-28769 LFI in /IDC_Logging/checkifdone.cgi, "file" parameter Allowing for File Existence Enumeration On IDC Satellite Receiver Web Management Interface Version 101
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
CVE-2026-28769
The CVE concerns IDC SFX Series SuperFlex Satellite Receiver Web management portal (version 101). An authenticated user can abuse the /IDC_Logging/checkifdone.cgi script by manipulating the file parameter to perform directory traversal, enabling enumeration of arbitrary filesystem files. The root...
International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface 安全漏洞
The International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface is a web-based management backend for the satellite receiver devices produced by the International Datacasting company. Version 101 of the International Datacasting SFX Series SuperFlex Satellite Receiv...
PT-2026-22621
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
Exploit for CVE-2026-2670
exploit-CVE-2026-2670 CVE-2026-2670 – Advantech WISE-6610...
CVE-2026-2684
A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.21080262532. The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be...
Tsinghua Unigroup Electronic Archives System 代码问题漏洞
Tsinghua Unigroup Electronic Archives System is an electronic archive management system of Tsinghua Unigroup. There are code issues and vulnerabilities in versions 3.2.21080262532 and earlier of Tsinghua Unigroup Electronic Archives System. These vulnerabilities stem from incorrect handling of th...