Lucene search
K

167 matches found

Prion
Prion
added 2020/04/29 4:15 p.m.12 views

Design/Logic Flaw

AxECM.cabActiveX Control in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard...

6.5CVSS7AI score0.00646EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/04/16 7:15 p.m.2 views

CVE-2019-11999

Potential security vulnerabilities have been identified in HPE OpenCall Media Platform OCMP resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. For OCMP version 4.4.X -...

6.9CVSS4.9AI score0.00803EPSS
Exploits0References1
OSV
OSV
added 2020/02/11 4:15 p.m.3 views

CVE-2019-13941

A vulnerability has been identified in OZW672 All versions V10.00, OZW772 All versions V10.00. Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific...

7.5CVSS7AI score0.01617EPSS
Exploits0References2
OSV
OSV
added 2019/10/23 9:15 p.m.3 views

CVE-2019-18383

An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramasterTNAS-00E43Aconfigbackup.bin without permission...

7.5CVSS5.8AI score0.01604EPSS
Exploits0References1
CVE
CVE
added 2019/10/23 9:0 p.m.92 views

CVE-2019-18383

TerraMaster FS-210 devices running firmware 4.0.19 are affected by CVE-2019-18383, an information-disclosure flaw that allows remote retrieval of the backup file terramaster_TNAS-00E43A_config_backup.bin without authentication. The issue is documented across multiple sources (NVD/Red Hat/CNVD/etc...

7.5CVSS7.5AI score0.01604EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/01/15 12:0 a.m.6 views

The vulnerability of the HTTP web server of the Cisco Prime Infrastructure monitoring and network equipment management system allows a hacker to download and execute any arbitrary file.

The vulnerability of the HTTP web server of the Cisco Prime Infrastructure monitoring and network equipment management system is related to access control errors for system directories. Exploiting this vulnerability allows a malicious actor to download and execute any arbitrary file remotely...

7.5CVSS7.9AI score0.86221EPSS
Exploits5References3
CNVD
CNVD
added 2018/07/23 12:0 a.m.3 views

IBM Sterling File Gateway Information Disclosure Vulnerability (CNVD-2018-14088)

IBM Sterling File Gateway is a suite of file transfer software from IBM in the United States. The software integrates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. A security vulnerability exists in IBM Sterling File Gateway...

5.3CVSS5.4AI score0.02375EPSS
Exploits0References1
OSV
OSV
added 2018/07/18 12:29 p.m.4 views

UBUNTU-CVE-2018-14371

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications...

7.5CVSS7.1AI score0.04425EPSS
Exploits0References4
0day.today
0day.today
added 2018/05/17 12:0 a.m.44 views

Intelbras NCLOUD 300 1.0 - Authentication bypass Exploit

Exploit for hardware platform in category web applications coding: utf-8 Exploit Title: Intelbras NCloud Authentication bypass Date: 16/05/2018 Exploit Author: Pedro Aguiar - email protected Vendor Homepage: http://www.intelbras.com.br/ Software Link:...

9.7AI score0.35573EPSS
Exploits5
exploitpack
exploitpack
added 2018/05/17 12:0 a.m.32 views

Intelbras NCLOUD 300 1.0 - Authentication bypass

Intelbras NCLOUD 300 1.0 - Authentication bypass coding: utf-8 Exploit Title: Intelbras NCloud Authentication bypass Date: 16/05/2018 Exploit Author: Pedro Aguiar - [email protected] Vendor Homepage: http://www.intelbras.com.br/ Software Link:...

10CVSS0.4AI score0.35573EPSS
Exploits5
ATTACKERKB
ATTACKERKB
added 2018/03/28 2:29 p.m.3 views

CVE-2018-9110

Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue...

9.1CVSS5.7AI score0.02963EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2017/12/13 12:0 a.m.27 views

NetGain Enterprise Manager heapdumps Remote Download Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation...

5CVSS1.3AI score0.02847EPSS
Exploits0
CNVD
CNVD
added 2017/10/11 12:0 a.m.5 views

HP ArcSight Enterprise Security Manager and ArcSight Enterprise Security Manager Express Access Control Error Vulnerability

HP ArcSight ESM Enterprise Security Manager and ESM Express are both enterprise security management software with event correlation and security analysis capabilities from Hewlett Packard Enterprise HPE. The software collects, correlates and reports on enterprise-wide security events in real time...

6.5CVSS6.9AI score0.00963EPSS
Exploits0References1
CNVD
CNVD
added 2017/09/20 12:0 a.m.6 views

ZTE ZXR10 1800-2S Improper Access Control Vulnerability

The ZTE ZXR10 1800-2S is a router from ZTE. The ZTE ZXR10 1800-2S fails to properly restrict the range of file download directories for web users, allowing remote attackers to exploit the vulnerability by submitting special requests to download configuration files and steal sensitive information...

7.5CVSS6.9AI score0.01287EPSS
Exploits1References1
CNVD
CNVD
added 2017/08/22 12:0 a.m.4 views

Micro Focus Enterprise Developer and Enterprise Server Path Traversal Vulnerability

Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company.Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe.Enterprise Server is a production deployment platform for mainframe programs. Enterprise...

6.5CVSS6.6AI score0.01785EPSS
Exploits0References1
Kitploit
Kitploit
added 2017/08/09 3:11 p.m.33 views

Invoke-CradleCrafter - PowerShell Remote Download Cradle Generator and Obfuscator

Invoke-CradleCrafter is a PowerShell v2.0+ compatible PowerShell remote download cradle generator and obfuscator. Purpose Invoke-CradleCrafter exists to aid Blue Teams and Red Teams in easily exploring, generating and obfuscating PowerShell remote download cradles. In addition, it helps Blue Team...

7.3AI score
Exploits0References1
CNVD
CNVD
added 2017/05/24 12:0 a.m.3 views

Micro Focus Vibe Directory Traversal Vulnerability

Micro Focus Vibe aggregates what users need to do their jobs.Vibe supports seamless and secure access.The Vibe mobile app securely stores login credentials for one or more Vibe sites, so users can easily and quickly connect to Vibe sites. A directory traversal vulnerability exists in Micro Focus...

6.5CVSS7.1AI score0.01398EPSS
Exploits0References1
OSV
OSV
added 2016/12/14 12:59 a.m.4 views

CVE-2016-9209

A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance ASA 5500-X Series with FirePOWER...

4.3CVSS5.8AI score0.01184EPSS
Exploits0References2
CNVD
CNVD
added 2016/10/20 12:0 a.m.4 views

Wordpress candidate-application-form plugin file download vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. candidate-application-form is one of the plugins used to add a candidate application form to a job opening. A file download vulnerability exists in version v1.0 of the Wordpress...

7.5CVSS6.8AI score0.08833EPSS
Exploits1References1
CNVD
CNVD
added 2016/10/20 12:0 a.m.4 views

Wordpress simple-image-manipulator plugin remote file download vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language. simple-image-manipulator is one of the image manipulator plugin. A remote file download vulnerability exists in Wordpress simple-image-manipulator plugin v1.0, which can be exploited by...

7.5CVSS7AI score0.07038EPSS
Exploits2References1
Rows per page
Query Builder