Lucene search
K

18 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-18029

Malware in sbrugna...

7.5CVSS7.6AI score0.01192EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-17790

Malware in sbrugna...

6.5CVSS6.6AI score0.00487EPSS
Exploits0References2
CVE
CVE
added 2017/05/31 3:54 a.m.49 views

CVE-2017-9307

The CVE-2017-9307 entry concerns a known SSRF issue in Allen Disk 1.6, specifically in remotedownload.php, where a crafted file parameter can be used by remote authenticated users to perform port scans and reach internal network services. The related connected documents corroborate that remotedow...

6.5CVSS6.1AI score0.00894EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/05/31 3:54 a.m.25 views

CVE-2017-9307

SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter...

6.2AI score0.00894EPSS
Exploits0References1
Prion
Prion
added 2017/05/28 8:29 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATHINFO to readfile.php...

3.5CVSS5.6AI score0.0068EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/05/28 8:0 p.m.28 views

CVE-2017-9249

Cross-site scripting XSS vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATHINFO to readfile.php...

5.1AI score0.0068EPSS
Exploits1References2
CVE
CVE
added 2017/05/28 8:0 p.m.47 views

CVE-2017-9249

The CVE-2017-9249 entry describes a Cross-Site Scripting (XSS) vulnerability in Allen Disk 1.6. The issue enables remote authenticated users to persistently inject arbitrary web script or HTML by uploading a crafted HTML file, with the attack vector being the contents of that file and the filenam...

5.4CVSS5AI score0.0068EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2017/05/19 6:29 p.m.18 views

Design/Logic Flaw

reg.php in Allen Disk 1.6 doesn't check if isset$SESSION'captcha''code'==1, which makes it possible to bypass the CAPTCHA via an empty $POST'captcha'...

5CVSS7.5AI score0.01192EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/05/19 6:0 p.m.27 views

CVE-2017-9091

/admin/loginc.php in Allen Disk 1.6 doesn't check if isset$SESSION'captcha''code' == 1, which leads to CAPTCHA bypass by emptying $POST'captcha'...

7.5AI score0.01192EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/05/19 6:0 p.m.24 views

CVE-2017-9090

reg.php in Allen Disk 1.6 doesn't check if isset$SESSION'captcha''code'==1, which makes it possible to bypass the CAPTCHA via an empty $POST'captcha'...

7.5AI score0.01192EPSS
Exploits0References1
CVE
CVE
added 2017/05/19 6:0 p.m.46 views

CVE-2017-9090

The CVE-2017-9090 issue affects Allen Disk 1.6’s reg.php, where there is no proper check of isset($_SESSION['captcha']['code']), enabling bypass of CAPTCHA via an empty $_POST['captcha']. The vulnerability is documented across multiple feeds (NVD entry with CVSSv2/3 scores indicating low–high imp...

7.5CVSS7.4AI score0.01192EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2017/05/08 5:29 p.m.13 views

Design/Logic Flaw

Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password...

4.3CVSS6.5AI score0.00487EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/05/08 5:29 p.m.17 views

CVE-2017-8848

Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password...

6.5CVSS6.5AI score0.00487EPSS
Exploits0References1
OSV
OSV
added 2017/05/08 5:29 p.m.5 views

CVE-2017-8848

Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password...

6.5CVSS5.8AI score0.00487EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/05/08 5:0 p.m.20 views

CVE-2017-8848

Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password...

6.6AI score0.00487EPSS
Exploits0References1
NVD
NVD
added 2017/05/08 6:29 a.m.17 views

CVE-2017-8832

Allen Disk 1.6 has XSS in the id parameter to downfile.php...

6.1CVSS6AI score0.00631EPSS
Exploits0References1
CVE
CVE
added 2017/05/08 6:10 a.m.54 views

CVE-2017-8832

Allen Disk 1.6 has a Cross-Site Scripting (XSS) vulnerability in the id parameter of downfile.php. The connected records consistently describe this XSS flaw for Allen Disk 1.6, but none of the provided documents supply details on exploitation methods, affected versions beyond 1.6, specific root c...

6.1CVSS5.9AI score0.00631EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/05/08 6:10 a.m.25 views

CVE-2017-8832

Allen Disk 1.6 has XSS in the id parameter to downfile.php...

6AI score0.00631EPSS
Exploits0References1
Rows per page
Query Builder