270 matches found

OSV
added 2021/11/30 7:15 p.m. | 3 views

CVE-2020-7880

The vulnerability was discovered in an ActiveX module related to the NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is caused by improper parameter validation of the StartNeoRS function in ActiveX...

CVSS 8.8 | AI score 7.4 | EPSS 0.01606
Exploits: 0 | References: 1

Cvelist
added 2021/11/30 6:47 p.m. | 24 views

CVE-2020-7880 douzone NeoRS remote support program ActiveX vulnerability

The vulnerability was discovered in an ActiveX module related to the NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is caused by improper parameter validation of the StartNeoRS function in ActiveX...

CVSS 7.5 | AI score 8.7 | EPSS 0.01606
Exploits: 0 | References: 1

ATTACKERKB
added 2021/11/30 1:40 a.m. | 2 views

CVE-2021-43358

Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files...

CVSS 7.8 | AI score 7.2 | EPSS 0.02294
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2021/11/30 12:0 a.m. | 5 views

NeoRS RS10 Input Validation Error Vulnerability

Douzone Bizon NeoRS is a remote support service from Douzone Bizon in Korea. Remote PCs can be accessed and controlled anytime, anywhere through the remote support site. A security vulnerability exists in the NeoRS RS10 version, which stems from improper validation of the parameters of the StartNeoRS...

CVSS 9.3 | AI score 8.1 | EPSS 0.01606
Exploits: 0 | References: 2

OSV
added 2021/11/23 8:15 p.m. | 4 views

UBUNTU-CVE-2021-41281

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

CVSS 7.5 | AI score 7.2 | EPSS 0.01514
Exploits: 0 | References: 6

FreeBSD
added 2021/11/18 12:0 a.m. | 24 views

py-matrix-synapse -- several vulnerabilities

Matrix developers report: This release patches one high severity issue affecting Synapse installations 1.47.0 and earlier using the media repository. An attacker could cause these Synapses to download a remote file and store it in a directory outside the media repository. Note that: This only...

CVSS 7.5 | AI score 7.3 | EPSS 0.01514
Exploits: 0 | References: 1

CNNVD
added 2021/10/28 12:0 a.m. | 4 views

Raonwiz DEXT5 Security Vulnerability

Raonwiz DEXT5 is an HTML5-based file transfer solution from Raonwiz Korea. The product supports encrypted file transfer, form building, and other features. A security vulnerability exists in DEXT5 Upload, which allows remote attackers to download and execute remote files by setting argument...

CVSS 8.8 | AI score 8.2 | EPSS 0.00606
Exploits: 0 | References: 2

CNVD
added 2021/07/08 12:0 a.m. | 5 views

QSAN Storage Manager Path Traversal Vulnerability

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A path traversal vulnerability exists in sharelink in QSAN Storage Manager 3.3.1 and earlier versions. A remote attacker can exploit this vulnerability to download arbitrary files...

CVSS 7.5 | AI score 7 | EPSS 0.01669
Exploits: 0 | References: 1

OSV
added 2021/07/07 2:15 p.m. | 2 views

CVE-2021-32527

Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files by injecting a file path in the download function. Suggest contacting QSAN and referring to the recommendations in QSAN Document...

CVSS 7.5 | AI score 5.9 | EPSS 0.01743
Exploits: 0 | References: 1

OSV
added 2021/07/07 2:15 p.m. | 1 view

CVE-2021-32516

Path traversal vulnerability in sharelink in QSAN Storage Manager allows remote attackers to download arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...

CVSS 7.5 | AI score 5.8 | EPSS 0.01669
Exploits: 0 | References: 1

OSV
added 2021/07/07 2:15 p.m. | 2 views

CVE-2021-32517

Improper access control vulnerability in sharelink in QSAN Storage Manager allows remote attackers to download arbitrary files using a particular parameter in the download function. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...

CVSS 7.5 | AI score 7.2 | EPSS 0.01262
Exploits: 0 | References: 1

Cvelist
added 2021/07/07 2:11 p.m. | 13 views

CVE-2021-32517 QSAN Storage Manager - Improper Access Control

Improper access control vulnerability in sharelink in QSAN Storage Manager allows remote attackers to download arbitrary files using a particular parameter in the download function. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...

CVSS 7.5 | AI score 7.8 | EPSS 0.01262
Exploits: 0 | References: 1

CNNVD
added 2021/07/07 12:0 a.m. | 4 views

QSAN Storage Manager Security Vulnerability

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. An improper access control vulnerability exists in sharelink in QSAN Storage Manager 3.3.1 and earlier versions. A remote attacker could exploit this vulnerability to download arbitrary files via specific...

CVSS 7.5 | AI score 6 | EPSS 0.01262
Exploits: 0 | References: 2

CNNVD
added 2021/07/07 12:0 a.m. | 6 views

QSAN Storage Manager Path Traversal Vulnerability

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A path traversal vulnerability exists in sharelink in QSAN Storage Manager 3.3.1 and earlier versions. A remote attacker can exploit this vulnerability to download arbitrary files...

CVSS 7.5 | AI score 6 | EPSS 0.01669
Exploits: 0 | References: 2

OSV
added 2021/04/19 1:15 p.m. | 4 views

CVE-2020-7851

Innorix Web-Based File Transfer Solution versions prior to and including 9.2.18.385 contain a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the internal method. A remote attacker could induce a user to access a crafted web page, causing...

CVSS 7.8 | AI score 7.2 | EPSS 0.00723
Exploits: 0 | References: 2

CVE
added 2021/04/19 12:55 p.m. | 36 views

CVE-2020-7851

The CVE CVE-2020-7851 affects Innorix Web-Based File Transfer Solution (

CVSS 7.8 | AI score 7.6 | EPSS 0.00723
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2021/03/29 4:15 p.m. | 4 views

CVE-2020-7850

NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the ActiveX method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection...

CVSS 7.8 | AI score 5.8 | EPSS 0.00773
Exploits: 0 | References: 2

CVE
added 2021/03/29 3:45 p.m. | 49 views

CVE-2020-7850

The CVE-2020-7850 entry concerns the NBBDownloader.ocx ActiveX control in Groupware. Descriptions across sources indicate a vulnerability that allows remote files to be downloaded and executed by manipulating arguments to the ActiveX method, enabling a remote attacker to lure a user to a crafted ...

CVSS 7.8 | AI score 7.6 | EPSS 0.00773
Exploits: 0 | References: 2 | Affected Software: 1

FreeBSD
added 2021/02/08 12:0 a.m. | 18 views

Carrierwave -- Multiple vulnerabilities

Community reports: Fix Code Injection vulnerability in CarrierWave::RMagick; Fix SSRF vulnerability in the remote file download feature...

CVSS 8.8 | AI score 2.9 | EPSS 0.12678
Exploits: 1 | References: 1

OSV
added 2020/12/26 6:15 a.m. | 2 views

CVE-2020-35362

DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter; the attacker must provide the correct fileOrgName value...

CVSS 7.5 | AI score 7.1 | EPSS 0.01617
Exploits: 1 | References: 1