167 matches found
Design/Logic Flaw
AxECM.cabActiveX Control in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard...
CVE-2019-11999
Potential security vulnerabilities have been identified in HPE OpenCall Media Platform OCMP resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. For OCMP version 4.4.X -...
CVE-2019-13941
A vulnerability has been identified in OZW672 All versions V10.00, OZW772 All versions V10.00. Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific...
CVE-2019-18383
An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramasterTNAS-00E43Aconfigbackup.bin without permission...
CVE-2019-18383
TerraMaster FS-210 devices running firmware 4.0.19 are affected by CVE-2019-18383, an information-disclosure flaw that allows remote retrieval of the backup file terramaster_TNAS-00E43A_config_backup.bin without authentication. The issue is documented across multiple sources (NVD/Red Hat/CNVD/etc...
The vulnerability of the HTTP web server of the Cisco Prime Infrastructure monitoring and network equipment management system allows a hacker to download and execute any arbitrary file.
The vulnerability of the HTTP web server of the Cisco Prime Infrastructure monitoring and network equipment management system is related to access control errors for system directories. Exploiting this vulnerability allows a malicious actor to download and execute any arbitrary file remotely...
IBM Sterling File Gateway Information Disclosure Vulnerability (CNVD-2018-14088)
IBM Sterling File Gateway is a suite of file transfer software from IBM in the United States. The software integrates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. A security vulnerability exists in IBM Sterling File Gateway...
UBUNTU-CVE-2018-14371
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications...
Intelbras NCLOUD 300 1.0 - Authentication bypass Exploit
Exploit for hardware platform in category web applications coding: utf-8 Exploit Title: Intelbras NCloud Authentication bypass Date: 16/05/2018 Exploit Author: Pedro Aguiar - email protected Vendor Homepage: http://www.intelbras.com.br/ Software Link:...
Intelbras NCLOUD 300 1.0 - Authentication bypass
Intelbras NCLOUD 300 1.0 - Authentication bypass coding: utf-8 Exploit Title: Intelbras NCloud Authentication bypass Date: 16/05/2018 Exploit Author: Pedro Aguiar - [email protected] Vendor Homepage: http://www.intelbras.com.br/ Software Link:...
CVE-2018-9110
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue...
NetGain Enterprise Manager heapdumps Remote Download Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation...
HP ArcSight Enterprise Security Manager and ArcSight Enterprise Security Manager Express Access Control Error Vulnerability
HP ArcSight ESM Enterprise Security Manager and ESM Express are both enterprise security management software with event correlation and security analysis capabilities from Hewlett Packard Enterprise HPE. The software collects, correlates and reports on enterprise-wide security events in real time...
ZTE ZXR10 1800-2S Improper Access Control Vulnerability
The ZTE ZXR10 1800-2S is a router from ZTE. The ZTE ZXR10 1800-2S fails to properly restrict the range of file download directories for web users, allowing remote attackers to exploit the vulnerability by submitting special requests to download configuration files and steal sensitive information...
Micro Focus Enterprise Developer and Enterprise Server Path Traversal Vulnerability
Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company.Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe.Enterprise Server is a production deployment platform for mainframe programs. Enterprise...
Invoke-CradleCrafter - PowerShell Remote Download Cradle Generator and Obfuscator
Invoke-CradleCrafter is a PowerShell v2.0+ compatible PowerShell remote download cradle generator and obfuscator. Purpose Invoke-CradleCrafter exists to aid Blue Teams and Red Teams in easily exploring, generating and obfuscating PowerShell remote download cradles. In addition, it helps Blue Team...
Micro Focus Vibe Directory Traversal Vulnerability
Micro Focus Vibe aggregates what users need to do their jobs.Vibe supports seamless and secure access.The Vibe mobile app securely stores login credentials for one or more Vibe sites, so users can easily and quickly connect to Vibe sites. A directory traversal vulnerability exists in Micro Focus...
CVE-2016-9209
A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance ASA 5500-X Series with FirePOWER...
Wordpress candidate-application-form plugin file download vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. candidate-application-form is one of the plugins used to add a candidate application form to a job opening. A file download vulnerability exists in version v1.0 of the Wordpress...
Wordpress simple-image-manipulator plugin remote file download vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language. simple-image-manipulator is one of the image manipulator plugin. A remote file download vulnerability exists in Wordpress simple-image-manipulator plugin v1.0, which can be exploited by...