Lucene search
+L

53 matches found

Cvelist
Cvelist
added 2019/08/13 1:32 p.m.27 views

CVE-2019-14530

An issue was discovered in custom/ajaxdownload.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file that is readable by the user www-data from server storage. If the requested file is writable for the www-data user and the directory...

8.6AI score0.66891EPSS
Exploits11References5
NVD
NVD
added 2019/07/02 3:15 p.m.23 views

CVE-2019-4260

IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012...

5.3CVSS4.7AI score0.01301EPSS
Exploits0References2
CVE
CVE
added 2018/07/19 10:0 p.m.115 views

CVE-2018-10869

The CVE-2018-10869 vulnerability affects redhat-certification and allows a remote attacker to download any file accessible by the web server user via the /download page due to improper access restriction. Red Hat’s RHSA-2018:2373 (and related advisories) document this issue and provide a security...

7.5CVSS7.6AI score0.02768EPSS
Exploits0References3Affected Software2
OpenVAS
OpenVAS
added 2017/12/06 12:0 a.m.24 views

Horde Gollem Module Unauthorized File Download Vulnerability - Windows

Horde Groupware is prone to an unauthorized file download vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.4AI score0.0553EPSS
Exploits3References1
OpenVAS
OpenVAS
added 2017/12/06 12:0 a.m.34 views

Horde Gollem Module Unauthorized File Download Vulnerability - Linux

Horde Groupware is prone to an unauthorized file download vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.4AI score0.0553EPSS
Exploits3References1
OSV
OSV
added 2017/07/13 3:29 p.m.2 views

CVE-2017-1308

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462...

6.5CVSS5.8AI score0.01537EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2017/04/07 12:0 a.m.99 views

D-Link DWR-116 Directory Traversal

Title: D-Link DWR-116 Arbitrary File Download Vendor: D-Link www.dlink.com Affected models: DWR-116 / DWR-116A1 Tested on: V1.01EU, V1.00CPb10, V1.05AU CVE: CVE-2017-6190 Date: 04.07.2016 Author: Patryk Bogdan @patrykbogdan Description: D-Link DWR-116 with firmware before V1.05b09 suffers from...

0.1AI score0.15767EPSS
Exploits6
Exploit DB
Exploit DB
added 2017/01/30 12:0 a.m.79 views

HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download

''' Exploit Title: HelpDeskZ fetchRow"SELECT , COUNTid AS total FROM ".TABLEPREFIX."attachments WHERE id=".$db-realescapestring$params2." AND ticketid=".$params0." AND msgid=".$params3; third argument AND msgid=".$params3; sent to fetchRow query with out any senitization Steps to reproduce:...

7.4AI score
Exploits0
CNVD
CNVD
added 2016/09/29 12:0 a.m.4 views

Huawei eSight Directory Traversal Vulnerability

Huawei eSight is Huawei's next-generation O&M solution for enterprise infrastructure networks, unified communications, telepresence conferencing, video surveillance, and data centers. The solution supports unified monitoring and configuration management of multi-vendor and multi-type devices, as...

6.5CVSS6.6AI score0.01575EPSS
Exploits0References1
Prion
Prion
added 2016/08/25 6:59 p.m.19 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service disk consumption via unspecified vectors...

6.8CVSS7.4AI score0.02713EPSS
Exploits0References8Affected Software2
Exploit DB
Exploit DB
added 2004/12/06 12:0 a.m.44 views

Microsoft Internet Explorer 5.0.1 - FTP URI Arbitrary FTP Server Command Execution

source: https://www.securityfocus.com/bid/11826/info Microsoft Internet Explorer is reported prone to an arbitrary FTP server command-execution vulnerability. This issue is due to the application's failure to properly sanitize user-supplied URI input before using it to execute FTP commands on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/06/10 12:0 a.m.30 views

BlackBoard Learning System 6.0 - Dropbox File Download

source: https://www.securityfocus.com/bid/10515/info It is reported that Blackboard improperly allows users to download files posted in the 'Digital Dropbox'. Files in the dropbox are intended for the course administrators. The application does not verify that the files requested for download are...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2000/07/13 12:0 a.m.34 views

Infosec.20000712.worldclient.2.1

Infosec Security Vulnerability Report No: Infosec.20000712.worldclient.2.1 Vulnerability Summary --------------------- Problem: The web server for remote access to e-mail in WorldClient 2.1 is vulnerable for root dot dot. It is possible to read and in some cases download any file known by name an...

7.4AI score
Exploits0
Rows per page
Query Builder