Lucene search
+L

7 matches found

cnnvd
cnnvd
added 2026/01/28 12:0 a.m.9 views

Explorance Blue security vulnerabilities

Explorance Blue is a learning experience management software developed by the Canadian company Explorance. Versions of Explorance Blue prior to 8.14.13 contained security vulnerabilities. These vulnerabilities stemmed from the Web service component’s ability to allow authenticated remote file...

9.9CVSS6.1AI score0.00538EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2004-1209

Malware in sbrugna...

5CVSS6.4AI score0.03226EPSS
Exploits1References5
redhatcve
redhatcve
added 2025/05/22 4:31 p.m.9 views

CVE-2020-35362

DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter the attacker must provide the correct fileOrgName value...

7.5CVSS6.9AI score0.01617EPSS
Exploits1
osv
osv
added 2024/09/30 12:0 a.m.10 views

CVE-2024-46540

A remote code execution RCE vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the target server, thereby obtaining system privileges...

6.3CVSS7.8AI score0.0073EPSS
Exploits1References5
debiancve
debiancve
added 2021/11/23 7:15 p.m.32 views

CVE-2021-41281

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

7.5CVSS7.7AI score0.01514EPSS
Exploits0
osv
osv
added 2016/03/16 10:59 a.m.10 views

CVE-2016-1991

HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors...

8CVSS5.8AI score0.01572EPSS
Exploits0References2
cve
cve
added 2007/07/25 6:0 p.m.44 views

CVE-2007-3985

The CVE-2007-3985 issue affects Secure Computing SecurityReporter (aka Network Security Analyzer) version 4.6.3, where the file.cgi script fails to sanitize the name parameter. This enables a directory traversal attack (".." in the name) allowing remote attackers to download arbitrary files from ...

5CVSS6.7AI score0.01913EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder