18 matches found
EUVD-2017-18029
Malware in sbrugna...
EUVD-2017-17790
Malware in sbrugna...
CVE-2017-9307
The CVE-2017-9307 entry concerns a known SSRF issue in Allen Disk 1.6, specifically in remotedownload.php, where a crafted file parameter can be used by remote authenticated users to perform port scans and reach internal network services. The related connected documents corroborate that remotedow...
CVE-2017-9307
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATHINFO to readfile.php...
CVE-2017-9249
Cross-site scripting XSS vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATHINFO to readfile.php...
CVE-2017-9249
The CVE-2017-9249 entry describes a Cross-Site Scripting (XSS) vulnerability in Allen Disk 1.6. The issue enables remote authenticated users to persistently inject arbitrary web script or HTML by uploading a crafted HTML file, with the attack vector being the contents of that file and the filenam...
Design/Logic Flaw
reg.php in Allen Disk 1.6 doesn't check if isset$SESSION'captcha''code'==1, which makes it possible to bypass the CAPTCHA via an empty $POST'captcha'...
CVE-2017-9091
/admin/loginc.php in Allen Disk 1.6 doesn't check if isset$SESSION'captcha''code' == 1, which leads to CAPTCHA bypass by emptying $POST'captcha'...
CVE-2017-9090
reg.php in Allen Disk 1.6 doesn't check if isset$SESSION'captcha''code'==1, which makes it possible to bypass the CAPTCHA via an empty $POST'captcha'...
CVE-2017-9090
The CVE-2017-9090 issue affects Allen Disk 1.6’s reg.php, where there is no proper check of isset($_SESSION['captcha']['code']), enabling bypass of CAPTCHA via an empty $_POST['captcha']. The vulnerability is documented across multiple feeds (NVD entry with CVSSv2/3 scores indicating low–high imp...
Design/Logic Flaw
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password...
CVE-2017-8848
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password...
CVE-2017-8848
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password...
CVE-2017-8848
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password...
CVE-2017-8832
Allen Disk 1.6 has XSS in the id parameter to downfile.php...
CVE-2017-8832
Allen Disk 1.6 has a Cross-Site Scripting (XSS) vulnerability in the id parameter of downfile.php. The connected records consistently describe this XSS flaw for Allen Disk 1.6, but none of the provided documents supply details on exploitation methods, affected versions beyond 1.6, specific root c...
CVE-2017-8832
Allen Disk 1.6 has XSS in the id parameter to downfile.php...