Lucene search
K

20 matches found

Cvelist
Cvelist
added 2026/06/25 6:5 p.m.19 views

CVE-2026-56768 Seahub < 13.0.23 - Authentication Bypass in ShareLinkZipTaskView GET Method

Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...

8.8CVSS0.00381EPSS
Exploits0References5
OSV
OSV
added 2026/06/17 6:35 p.m.4 views

GHSA-QF38-JQ28-3CCQ Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory

A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...

9.1CVSS5.4AI score0.00626EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/06 3:31 p.m.8 views

EUVD-2018-21636

Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...

8.7CVSS5.9AI score0.00632EPSS
Exploits0References3
CVE
CVE
added 2026/03/06 12:19 p.m.13 views

CVE-2018-25181

Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter in the getAlbum endpoint, resulting in ZIP downloads of sensitive system directories. The issue affects the getAlbum path traversal fu...

8.7CVSS5.9AI score0.00632EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/06 12:19 p.m.29 views

CVE-2018-25181 Musicco 2.0.0 Arbitrary Directory Download via Path Traversal

Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...

8.7CVSS0.00632EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.2 views

CVE-2018-25181

Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...

8.7CVSS5.9AI score0.00632EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/11/23 7:15 p.m.47 views

CVE-2021-41281 Path traversal in Matrix Synapse

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

7.5CVSS7.9AI score0.01514EPSS
Exploits0References5
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.600 views

OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API

The plugin does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website. Access the URL below as unauthenticated...

9.1CVSS9.5AI score0.01762EPSS
Exploits2
OSV
OSV
added 2020/11/17 9:15 p.m.5 views

CVE-2020-26549

An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading...

7.5CVSS7.1AI score0.01488EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2019/01/25 12:0 a.m.32 views

Green CMS 2.x Arbitrary File / Directory Download

Exploit Title: Green CMS 2.x - Arbitrary File & Directory Download Dork: N/A Date: 2019-01-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.greencms.net/ Software Link: https://codeload.github.com/GreenCMS/GreenCMS/zip/beta Version: 2.x Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/01/25 12:0 a.m.48 views

GreenCMS 2.x - Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title: Green CMS 2.x - Arbitrary File & Directory Download Exploit Author: Ihsan Sencan Vendor Homepage: http://www.greencms.net/ Software Link: https://codeload.github.com/GreenCMS/GreenCMS/zip/beta Version: 2.x Category: Webapps Test...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2019/01/25 12:0 a.m.31 views

GreenCMS 2.x - Arbitrary File Download

GreenCMS 2.x - Arbitrary File Download Exploit Title: Green CMS 2.x - Arbitrary File & Directory Download Dork: N/A Date: 2019-01-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.greencms.net/ Software Link: https://codeload.github.com/GreenCMS/GreenCMS/zip/beta Version: 2.x Category:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/14 12:0 a.m.126 views

Musicco 2.0.0 - Arbitrary Directory Download Vulnerability

Exploit for php platform in category web applications Exploit Title: Musicco 2.0.0 - Arbitrary Directory Download Exploit Author: Ihsan Sencan Vendor Homepage: https://www.musicco.app/ Software Link: https://codeload.github.com/micser/musicco/zip/master Version: 2.0.0 Category: Webapps Tested on:...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2018/11/13 12:0 a.m.35 views

Musicco 2.0.0 - Arbitrary Directory Download

Musicco 2.0.0 - Arbitrary Directory Download Exploit Title: Musicco 2.0.0 - Arbitrary Directory Download Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.musicco.app/ Software Link: https://codeload.github.com/micser/musicco/zip/master Version: 2.0.0 Category:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/13 12:0 a.m.173 views

Musicco 2.0.0 Arbitrary Directory Download

Exploit Title: Musicco 2.0.0 - Arbitrary Directory Download Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.musicco.app/ Software Link: https://codeload.github.com/micser/musicco/zip/master Version: 2.0.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/13 12:0 a.m.77 views

Musicco 2.0.0 - Arbitrary Directory Download

Exploit Title: Musicco 2.0.0 - Arbitrary Directory Download Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.musicco.app/ Software Link: https://codeload.github.com/micser/musicco/zip/master Version: 2.0.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...

7AI score
Exploits0
Kitploit
Kitploit
added 2017/08/24 2:9 p.m.41 views

iWant - CLI Based Decentralized Peer To Peer File Sharing

A commandline tool for searching and downloading files in LAN network, without any central server. Features Decentralized : There is no central server hosting files. Therefore, no central point of failure Easydiscovery of files: As easy as searching for something in Google. File download from...

6.9AI score
Exploits0References1
n0where
n0where
added 2017/08/06 6:21 p.m.26 views

Decentralized Peer to Peer File Sharing: iWant

A command-line tool for searching and downloading files in LAN network, without any central server. Features Decentralized : There is no central server hosting files. Therefore, no central point of failure Easy discovery of files : As easy as searching for something in Google. File download from...

1AI score
Exploits0References2
Patchstack
Patchstack
added 2017/07/14 12:0 a.m.9 views

WordPress Download Plugin <= 1.0.1 - Arbitrary Directory Download Vulnerability

Arbitrary Directory Download Vulnerability was found in WordPress Download Plugin in 1.0.1 version. There's no restriction against directory download in the dpwapdownload function. It's a very serious vulnerability because an attacker can download the whole site directory. Update the plugin as so...

4.7AI score
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2016/08/25 12:0 a.m.48 views

Dotclear 2.9.1 Directory Download

Dotclear 2.9.1 Directory Download Vulnerability + Software: https://dotclear.org/ + Author: Wiswat Aswamenakul + Affected version: only tested on 2.9.1 previous version might be affected + Platform: tested on Ubuntu 14.04, PHP 5.5.9 + Description Authenticated users with media manager access...

7.4AI score
Exploits0
Rows per page
Query Builder