167 matches found
CVE-2023-32750
Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The...
CVE-2023-32750
Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The...
CVE-2023-32750
Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The...
PT-2023-23999 · Pydio · Pydio Cells
Name of the Vulnerable Software and Affected Versions: Pydio Cells versions 4.1.2 and earlier Description: The issue allows for Server-Side Request Forgery SSRF in Pydio Cells. This is possible through the creation of jobs that run in the background, specifically the "remote-download" job. This j...
Pydio Cells 4.1.2 Server-Side Request Forgery
For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a...
The vulnerability of the microprogramming software of the D-Link DIR-809 A1 and D-Link DIR-809 A2 lies in the lack of authentication procedures. This allows attackers to circumvent existing security restrictions and download the configuration file.
The vulnerability of the microprogramming software of the D-Link DIR-809 A1 and D-Link DIR-809 A2 is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and download the configuration file remotely...
CVE-2023-23446
Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface...
SUSE CVE-2007-0079
rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 1 data/admin.mdb or 2 data/rblog.mdb...
Esri ArcGIS Server 安全漏洞
Esri ArcGIS Server is a Web-oriented, enterprise-class software platform for delivering geolocation services from Environmental Systems Research Institute Esri, Inc. A security vulnerability exists in Esri ArcGIS Server versions 10.9.1 and earlier, which stems from a possible remote file download...
CVE-2022-36226
SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx...
CVE-2022-36226
SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx...
CVE-2022-36226
SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx...
Information disclosure
SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx...
CVE-2022-36226
SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx...
CVE-2022-36226
SiteServerCMS 5.X is affected by a Remote-download-Getshell vulnerability exploitable through the /SiteServer/Ajax/ajaxOtherService.aspx API endpoint. The issue is associated with a remote download that can lead to arbitrary code execution on the server, with the CVE-2022-36226 entry reflecting a...
SiteServerCMS 安全漏洞
SSCMS SiteServerCMS SSCMS is an open source, cross-platform, enterprise-level content management system from China's SSCMS Corporation. A security vulnerability exists in SiteServerCMS version 5.X. The vulnerability stems from a remote download Getshell vulnerability via...
The vulnerability of the Jenkins Deployer Framework Plugin involves incorrect path name restrictions for restricted directories, allowing attackers to load arbitrary files.
The vulnerability of the Jenkins Deployer Framework Plugin is related to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to download arbitrary files remotely...
CVE-2022-32995
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery SSRF via the template remote download function...
CVE-2022-32995
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery SSRF via the template remote download function...
CVE-2022-32995
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery SSRF via the template remote download function...