269 matches found
CVE-2016-20076 WordPress Simple-Backup 2.7.11 Arbitrary File Deletion and Download
WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...
CVE-2026-30404
The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery SSRF vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations...
CVE-2026-30404
The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery SSRF vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations...
CVE-2026-30404
The CVE-2026-30404 entry concerns wgcloud v3.6.3, where the backend database management connection test feature is vulnerable to server-side request forgery (SSRF). The vulnerability could allow the server to initiate requests to internal networks, remotely download malicious files, and perform o...
Malicious code in grokwrapper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a7ae896464be7f195243e35231a2435d0a1eb055cc7fa8cfaef707c7e11c55b2 During importing the module, package silently execute code hidden in an embedded config file, and downloads remote executable. It's then added to Run registry...
CVE-2020-37034
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system file...
CVE-2025-57795
Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution...
CVE-2025-57795
Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution...
CVE-2025-57795
Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution...
CVE-2025-57795
CVE-2025-57795 affects Explorance Blue, versions prior to 8.14.13. The vulnerability exists in a web service component and allows an authenticated remote file download, which in default configurations can lead to remote code execution. Affected software is Explorance Blue up to 8.14.12 inclusive;...
CVE-2025-57795 Unauthenticated Remote File Download in Explorance Blue
Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution...
CVE-2025-57795 Unauthenticated Remote File Download in Explorance Blue
Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution...
PT-2026-5174
Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution...
CVE-2019-11999
Potential security vulnerabilities have been identified in HPE OpenCall Media Platform OCMP resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. For OCMP version 4.4.X -...
CVE-2019-20354
The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...
CVE-2020-7812
Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC...
IQ Service IQ-Support 安全漏洞
IQ Service IQ-Support is an intelligent customer service system from IQ Service, Inc. of Taiwan, China. A security vulnerability exists in IQ Service IQ-Support that originates from relative path traversal and could allow an unauthenticated, remote attacker to download arbitrary system files...
EUVD-2020-28758
Malware in sbrugna...
EUVD-2017-14871
Malware in sbrugna...
EUVD-2007-3068
Malware in sbrugna...