Lucene search
K

167 matches found

Cvelist
Cvelist
added 2023/06/08 12:0 a.m.21 views

CVE-2023-32750

Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The...

6.6AI score0.03846EPSS
Exploits4References2
Vulnrichment
Vulnrichment
added 2023/06/08 12:0 a.m.8 views

CVE-2023-32750

Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The...

6.4AI score0.03846EPSS
Exploits4References2
OSV
OSV
added 2023/06/08 12:0 a.m.13 views

CVE-2023-32750

Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The...

6.5CVSS7AI score0.03846EPSS
Exploits4References4
Positive Technologies
Positive Technologies
added 2023/06/03 12:0 a.m.3 views

PT-2023-23999 · Pydio · Pydio Cells

Name of the Vulnerable Software and Affected Versions: Pydio Cells versions 4.1.2 and earlier Description: The issue allows for Server-Side Request Forgery SSRF in Pydio Cells. This is possible through the creation of jobs that run in the background, specifically the "remote-download" job. This j...

6.5CVSS7.3AI score0.03846EPSS
Exploits4References7
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.296 views

Pydio Cells 4.1.2 Server-Side Request Forgery

For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a...

7.1AI score0.03846EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2023/05/24 12:0 a.m.6 views

The vulnerability of the microprogramming software of the D-Link DIR-809 A1 and D-Link DIR-809 A2 lies in the lack of authentication procedures. This allows attackers to circumvent existing security restrictions and download the configuration file.

The vulnerability of the microprogramming software of the D-Link DIR-809 A1 and D-Link DIR-809 A2 is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and download the configuration file remotely...

7.8CVSS7.2AI score0.01811EPSS
Exploits0References3Affected Software3
NVD
NVD
added 2023/05/15 11:15 a.m.36 views

CVE-2023-23446

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface...

7.5CVSS7.5AI score0.00891EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.3 views

SUSE CVE-2007-0079

rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 1 data/admin.mdb or 2 data/rblog.mdb...

7.8CVSS8.9AI score0.01715EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.4 views

Esri ArcGIS Server 安全漏洞

Esri ArcGIS Server is a Web-oriented, enterprise-class software platform for delivering geolocation services from Environmental Systems Research Institute Esri, Inc. A security vulnerability exists in Esri ArcGIS Server versions 10.9.1 and earlier, which stems from a possible remote file download...

6.1CVSS6.3AI score0.00265EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/26 12:15 a.m.10 views

CVE-2022-36226

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx...

7.2CVSS7.1AI score0.00944EPSS
Exploits1References3
NVD
NVD
added 2022/08/26 12:15 a.m.27 views

CVE-2022-36226

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx...

7.2CVSS0.00944EPSS
Exploits1References2
OSV
OSV
added 2022/08/26 12:15 a.m.5 views

CVE-2022-36226

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx...

7.2CVSS5.8AI score0.00944EPSS
Exploits1References2
Prion
Prion
added 2022/08/26 12:15 a.m.18 views

Information disclosure

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx...

5.8CVSS7AI score0.00944EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/08/25 11:37 p.m.39 views

CVE-2022-36226

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx...

7.2AI score0.00944EPSS
Exploits1References2
CVE
CVE
added 2022/08/25 11:37 p.m.67 views

CVE-2022-36226

SiteServerCMS 5.X is affected by a Remote-download-Getshell vulnerability exploitable through the /SiteServer/Ajax/ajaxOtherService.aspx API endpoint. The issue is associated with a remote download that can lead to arbitrary code execution on the server, with the CVE-2022-36226 entry reflecting a...

7.2CVSS7AI score0.00944EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/08/25 12:0 a.m.7 views

SiteServerCMS 安全漏洞

SSCMS SiteServerCMS SSCMS is an open source, cross-platform, enterprise-level content management system from China's SSCMS Corporation. A security vulnerability exists in SiteServerCMS version 5.X. The vulnerability stems from a remote download Getshell vulnerability via...

7.2CVSS5.6AI score0.00944EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/08/10 12:0 a.m.7 views

The vulnerability of the Jenkins Deployer Framework Plugin involves incorrect path name restrictions for restricted directories, allowing attackers to load arbitrary files.

The vulnerability of the Jenkins Deployer Framework Plugin is related to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to download arbitrary files remotely...

9CVSS7.7AI score0.01453EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/06/27 11:15 p.m.21 views

CVE-2022-32995

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery SSRF via the template remote download function...

9.8CVSS0.15906EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/06/27 11:15 p.m.4 views

CVE-2022-32995

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery SSRF via the template remote download function...

9.8CVSS5.8AI score0.15906EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/06/27 10:15 p.m.27 views

CVE-2022-32995

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery SSRF via the template remote download function...

9.8AI score0.15906EPSS
Exploits1References1
Rows per page
Query Builder