3 matches found
CVE-2024-26261
The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being download...
PT-2024-21314 · Hgiga · Hgiga Oaklouds
Name of the Vulnerable Software and Affected Versions: HGiga OAKlouds affected versions not specified Description: The issue concerns an Arbitrary File Read and Delete vulnerability in the file download functionality of certain HGiga OAKlouds modules. Attackers can exploit this by specifying a fi...
chromium-browser: Settings allowed executable files to run immediately after download in unsepcified
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to...