25 matches found
CVE-2026-4204
Affected products: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320/320L/320LW, DNS-321, DNR-322L, DNS-323, DNS-325/326/327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04. Root cause: The CGI endpoints in /cgi-bin/gui_mgr.cgi (cgi_myfavorite_add/…/cgi_mycloud_au...
PT-2026-4750
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...
CVE-2025-66550
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...
📄 WhatsApp Android Contact Gating Bypass
WhatsApp Android has a contact gating bypass in groups that leads to interaction-less media download. Background To prevent security issues and spam, WhatsApp for Android requires some form of user interaction to automatically download files from non-contacts: a. After adding someone as a contact...
UBUNTU-CVE-2025-5986
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...
PT-2025-21186 · Mozilla +5 · Thunderbird +5
Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 128.10.1 Thunderbird versions prior to 138.0.1 Description: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without...
CVE-2020-14118
An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps...
The vulnerability of the Microsoft Lync for Mac instant messaging program, related to message processing errors, allows a hacker to redirect users to malicious websites or automatically download certain types of files from a list of safe file types.
The vulnerability of the Microsoft Lync for Mac instant messaging program exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to redirect users to malicious websites or automatically download certain file types as safe files through a...
Security Bypass Vulnerabilities in Multiple Game Engine Products
ioquake3 and others are open source, free, cross-platform Quake 3-based FPS game engines. A security vulnerability exists in the auto-downloading feature in several game engine products, which stems from the program's failure to adequately restrict content. An attacker can exploit the vulnerabili...
CVE-2017-6903
In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 aka Quake 3 engine forks. A malicious auto-downloaded file can trigger loading of crafted auto-downloaded files as...
CVE-2017-6903
In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 aka Quake 3 engine forks. A malicious auto-downloaded file can trigger loading of crafted auto-downloaded files as...
UBUNTU-CVE-2017-6903
In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 aka Quake 3 engine forks. A malicious auto-downloaded file can trigger loading of crafted auto-downloaded files as...
CVE-2017-6903
In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 aka Quake 3 engine forks. A malicious auto-downloaded file can trigger loading of crafted auto-downloaded files as...
CVE-2017-6903
In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 aka Quake 3 engine forks. A malicious auto-downloaded file can trigger loading of crafted auto-downloaded files as...
Windows-Exploit-Suggester v3.2 - Compares a targets patch levels against the Microsoft vulnerability database
This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins. It requires the 'systeminfo' comman...
Here's How to Stop Windows 7 or 8 from Downloading Windows 10 Automatically
Yesterday we reported you that Microsoft is auto-downloading Windows 10 installation files — between 3.5GB and 6GB — onto users' PCs even if they have not opted into the upgrade. Microsoft plans to deploy Windows 10 on over 1 Billion devices worldwide, and this auto-downloading Windows 10 could b...
SMBMap - Samba Share Enumerator
SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. This tool was designed with pen testing in mind, and is...
Android webkit XSS cross-domain Auto-Download vulnerability-vulnerability warning-the black bar safety net
Android Multiple Vulnerabilities Author: www.80vul.com Email:5up3rh3igmail.com Release Date: 2012/2/8 References: http://www.80vul.com/android/android-0days.txt Ph4nt0m Webzine 0x06 has been releasedhttp://www.80vul.com/webzine0x06/,there three papers on the android application security about the...
Google Chrome Auto download exploit ..
Hello,, Google Chrome Auto download exploit .. Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] Tested Successfully on Google Chrome Build 1798 html head titleChrome Auto download Exploit .. By HACKERS PAL/title script functio...
google-download2.txt
Hello,, Google Chrome Auto download exploit .. Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] Tested Successfully on Google Chrome Build 1798 Chrome Auto download Exploit .. By HACKERS PAL function softdownload...