Lucene search
K

58 matches found

CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Interinfo DreamMaker 安全漏洞

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a security vulnerability, which stems from relative path traversal. This vulnerability could allow unauthenticated local attackers to download arbitrary system files...

8.7CVSS5.9AI score0.00353EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/21 8:29 p.m.14 views

CVE-2025-8048

External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2...

6.5CVSS6.4AI score0.00262EPSS
Exploits0References1
NVD
NVD
added 2025/10/20 8:15 p.m.6 views

CVE-2025-8048

External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2...

6.5CVSS0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-6839

Malware in sbrugna...

9.8CVSS9.5AI score0.0163EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-14872

Malware in sbrugna...

7.1CVSS6.9AI score0.03471EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:14 a.m.14 views

CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...

6.5CVSS6.6AI score0.01835EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.9 views

CVE-2024-9765 EKC Tournament Manager < 2.2.2 - Local File Download Vulnerability

The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory...

6.9AI score0.01414EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.14 views

CVE-2024-9765 EKC Tournament Manager < 2.2.2 - Local File Download Vulnerability

The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory...

0.01414EPSS
Exploits1References1
OSV
OSV
added 2024/05/30 5:15 p.m.5 views

CVE-2024-35431

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1...

7.5CVSS5.7AI score0.01EPSS
Exploits1References1
OSV
OSV
added 2022/08/08 2:15 p.m.6 views

CVE-2022-2357

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php...

7.5CVSS5.8AI score0.01158EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/08/08 2:15 p.m.4 views

CVE-2022-2357

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php...

7.5CVSS5.9AI score0.01158EPSS
Exploits1References2
0day.today
0day.today
added 2022/03/29 12:0 a.m.235 views

WordPress admin-word-count-column 2.2 - Local File Read Vulnerability

Exploit Title: WordPress Plugin admin-word-count-column 2.2 - Local File Download Google Dork: inurl:/wp-content/plugins/admin-word-count-column/ Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/admin-word-count-column/ Version: 2.2 Contact me: h at...

7.4AI score
Exploits0
Prion
Prion
added 2019/12/04 8:15 p.m.18 views

Design/Logic Flaw

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...

5.5CVSS6.3AI score0.01835EPSS
Exploits2References3Affected Software1
CNVD
CNVD
added 2019/12/04 12:0 a.m.3 views

BMC Smart Reporting XML External Entity Injection Vulnerability

BMC Smart Reporting is a smart reporting system. BMC Smart Reporting suffers from an XML External Entity Injection vulnerability that allows an authenticated attacker with administrator privileges to import a malicious XML file and perform an XXE attack to download a local file from a server, or...

6.5CVSS6.9AI score0.01835EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2019/10/25 12:0 a.m.264 views

ham3d 1.1 Information Disclosure / Default Credentials

/ Exploit Title: ham3d Information Processing Script Local File Download & Default Password Vulnerability Exploit Author: Milad Hacking Vendor Homepage : http://www.ham3d.net/ Demo Script Link: http://wensoni.com Version : 1.1 Google Dork : inurl:fa/forgotpass.html Date: 2019-10-25 Tested on: Kal...

7.4AI score
Exploits0
OSV
OSV
added 2018/09/28 12:29 a.m.2 views

CVE-2018-14957

CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggettodocumenti/../.././inc/config.php one can take the control of the application because credentials are present in that config.php file...

9.8CVSS5.8AI score0.0163EPSS
Exploits1References1
Prion
Prion
added 2018/09/28 12:29 a.m.15 views

Directory traversal

CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggettodocumenti/../.././inc/config.php one can take the control of the application because credentials are present in that config.php file...

7.5CVSS9.1AI score0.0163EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/09/28 12:0 a.m.73 views

CVE-2018-14957

CVE-2018-14957 affects CMS ISWEB 3.5.3. The vulnerability is a directory traversal that enables local file download via moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php, exposing credentials stored in config.php and enabling an attacker to take control of the application. Pub...

9.8CVSS9.1AI score0.0163EPSS
Exploits1References1Affected Software1
Exploit DB
Exploit DB
added 2018/08/06 12:0 a.m.35 views

CMS ISWEB 3.5.3 - Directory Traversal

Exploit Title: CMS ISWEB 3.5.3 - Directory Traversal Date: 2018-08-01 Exploit Author: Thiago "thxsena" Sena Vendor Homepage: http://www.isweb.it Version: 3.5.3 Tested on: Linux CVE : N/A PoC: CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2018/08/06 12:0 a.m.15 views

CMS ISWEB 3.5.3 - Directory Traversal

CMS ISWEB 3.5.3 - Directory Traversal Exploit Title: CMS ISWEB 3.5.3 - Directory Traversal Date: 2018-08-01 Exploit Author: Thiago "thxsena" Sena Vendor Homepage: http://www.isweb.it Version: 3.5.3 Tested on: Linux CVE : N/A PoC: CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file...

Exploits0
Rows per page
Query Builder