270 matches found
CVE-2020-7880
The vulnerability was discovered in an ActiveX module related to the NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is because of improper parameter validation of the StartNeoRS function in ActiveX...
CVE-2020-7880 douzone NeoRS remote support program ActiveX vulnerability
The vulnerability was discovered in an ActiveX module related to the NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is because of improper parameter validation of the StartNeoRS function in ActiveX...
CVE-2021-43358
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files...
NeoRS RS10 Input Validation Error Vulnerability
Douzone Bizon NeoRs is a remote support service from Douzone Bizon in Korea. A remote PC can be accessed and controlled anytime, anywhere through the remote support site. A security vulnerability exists in NeoRS RS10 version, which stems from improper validation of the parameters of the StartNeoRS...
UBUNTU-CVE-2021-41281
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...
py-matrix-synapse -- several vulnerabilities
Matrix developers report: This release patches one high severity issue affecting Synapse installations 1.47.0 and earlier using the media repository. An attacker could cause these Synapses to download a remote file and store it in a directory outside the media repository. Note that: This only...
Raonwiz DEXT5 Security Vulnerability
Raonwiz DEXT5 is an HTML5-based file transfer solution from Raonwiz Korea. The product supports encrypted file transfer, form building, and other features. A security vulnerability exists in DEXT5 Upload, which allows remote attackers to download and execute remote files by setting argument...
QSAN Storage Manager Path Traversal Vulnerability
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A path traversal vulnerability exists in sharelink in QSAN Storage Manager 3.3.1 and earlier versions. A remote attacker can exploit this vulnerability to download arbitrary files...
CVE-2021-32527
Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files by injecting a file path in the download function. Suggest contacting QSAN and referring to the recommendations in the QSAN Document...
CVE-2021-32516
Path traversal vulnerability in sharelink in QSAN Storage Manager allows remote attackers to download arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...
CVE-2021-32517
Improper access control vulnerability in sharelink in QSAN Storage Manager allows remote attackers to download arbitrary files using a particular parameter in the download function. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...
CVE-2021-32517 QSAN Storage Manager - Improper Access Control
Improper access control vulnerability in sharelink in QSAN Storage Manager allows remote attackers to download arbitrary files using a particular parameter in the download function. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...
QSAN Storage Manager Security Vulnerability
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. An improper access control vulnerability exists in sharelink in QSAN Storage Manager 3.3.1 and earlier versions. A remote attacker could exploit this vulnerability to download arbitrary files via specific...
QSAN Storage Manager Path Traversal Vulnerability
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A path traversal vulnerability exists in sharelink in QSAN Storage Manager 3.3.1 and earlier versions. A remote attacker can exploit this vulnerability to download arbitrary files...
CVE-2020-7851
Innorix Web-Based File Transfer Solution versions prior to and including 9.2.18.385 contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the internal method. A remote attacker could induce a user to access a crafted web page, causing...
CVE-2020-7851
The CVE CVE-2020-7851 affects Innorix Web-Based File Transfer Solution (
CVE-2020-7850
NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the ActiveX method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection...
CVE-2020-7850
The CVE-2020-7850 entry concerns the NBBDownloader.ocx ActiveX control in Groupware. Descriptions across sources indicate a vulnerability that allows remote files to be downloaded and executed by manipulating arguments to the ActiveX method, enabling a remote attacker to lure a user to a crafted ...
Carrierwave -- Multiple vulnerabilities
Community reports: Fix Code Injection vulnerability in CarrierWave::RMagick; Fix SSRF vulnerability in the remote file download feature...
CVE-2020-35362
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter; the attacker must provide the correct fileOrgName value...