7 matches found
EUVD-2018-21636
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...
CVE-2018-25181 Musicco 2.0.0 Arbitrary Directory Download via Path Traversal
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...
CVE-2021-41281 Path traversal in Matrix Synapse
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...
Musicco 2.0.0 - Arbitrary Directory Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Musicco 2.0.0 - Arbitrary Directory Download Exploit Author: Ihsan Sencan Vendor Homepage: https://www.musicco.app/ Software Link: https://codeload.github.com/micser/musicco/zip/master Version: 2.0.0 Category: Webapps Tested on:...
Musicco 2.0.0 - Arbitrary Directory Download
Exploit Title: Musicco 2.0.0 - Arbitrary Directory Download Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.musicco.app/ Software Link: https://codeload.github.com/micser/musicco/zip/master Version: 2.0.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Musicco 2.0.0 Arbitrary Directory Download
Exploit Title: Musicco 2.0.0 - Arbitrary Directory Download Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.musicco.app/ Software Link: https://codeload.github.com/micser/musicco/zip/master Version: 2.0.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
WordPress Download Plugin <= 1.0.1 - Arbitrary Directory Download Vulnerability
Arbitrary Directory Download Vulnerability was found in WordPress Download Plugin in 1.0.1 version. There's no restriction against directory download in the dpwapdownload function. It's a very serious vulnerability because an attacker can download the whole site directory. Update the plugin as so...