Lucene search
K

21 matches found

EUVD
EUVD
added 2026/03/21 6:31 p.m.2 views

EUVD-2019-19896

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the themename parameter in the themeexporthandle action or supply base64-encoded file paths to...

7.1CVSS5.9AI score0.01101EPSS
Exploits1References5
NVD
NVD
added 2026/03/21 4:16 p.m.5 views

CVE-2019-25574

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the themename parameter in the themeexporthandle action or supply base64-encoded file paths to...

7.1CVSS0.01101EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:30 p.m.2 views

CVE-2019-25574

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the themename parameter in the themeexporthandle action or supply base64-encoded file paths to...

7.1CVSS5.9AI score0.01101EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/21 3:30 p.m.26 views

CVE-2019-25574 Green CMS 2.x Path Traversal Arbitrary File Download

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the themename parameter in the themeexporthandle action or supply base64-encoded file paths to...

7.1CVSS0.01101EPSS
Exploits1References4
CVE
CVE
added 2026/03/21 3:30 p.m.13 views

CVE-2019-25574

CVE-2019-25574 affects Green CMS 2.x. The vulnerability is a path traversal flaw that enables authenticated attackers to download arbitrary files or directories. Attackers can exploit the themeexporthandle action by injecting directory traversal sequences into the theme_name parameter, or use bas...

7.1CVSS5.9AI score0.01101EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.5 views

PT-2026-26922

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme name parameter in the themeexporthandle action or supply base64-encoded file paths t...

7.1CVSS5.9AI score0.01101EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-2820

Malware in sbrugna...

7.5CVSS6.4AI score0.01549EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-2819

Malware in sbrugna...

4.3CVSS6.4AI score0.01177EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.5 views

PT-2024-39187 · Unknown · Yunke Online School System

Name of the Vulnerable Software and Affected Versions: Yunke Online School System versions up to 3.0.6 Description: A vulnerability was found in the Yunke Online School System, affecting the downfile function of the file application/admin/controller/Appadmin.php. The manipulation of the url...

5.3CVSS4.9AI score0.00535EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.4 views

PT-2024-21307 · Fujian Kelixin · Fujian Kelixin Communication Command/Dispatch Platform

Name of the Vulnerable Software and Affected Versions: Fujian Kelixin Communication Command and Dispatch Platform versions up to 20240318 Description: A critical issue has been found in the Fujian Kelixin Communication Command and Dispatch Platform, affecting an unknown functionality of the file...

9.8CVSS7AI score0.00558EPSS
Exploits0References6
OSV
OSV
added 2023/05/17 5:15 p.m.3 views

CVE-2023-2765

A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit...

7.5CVSS5.2AI score0.02182EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/05/17 12:0 a.m.6 views

PT-2023-21283 · Weaver Oa · Weaver Oa

Name of the Vulnerable Software and Affected Versions: Weaver OA versions up to 9.5 Description: A problematic issue has been found in the file /E-mobile/App/System/File/downfile.php, where the manipulation of the url argument leads to absolute path traversal. This can be initiated remotely. The...

7.5CVSS4.9AI score0.02182EPSS
Exploits1References6
OSV
OSV
added 2023/01/26 10:15 p.m.3 views

CVE-2022-38088

A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability...

6.5CVSS5.9AI score0.02283EPSS
Exploits1References2
CNVD
CNVD
added 2018/06/29 12:0 a.m.3 views

GreenCMS Arbitrary File Download Vulnerability

GreenCMS is a content management system CMS based on ThinkPHP. An arbitrary file download vulnerability exists in GreenCMS version 2.3.0603. An attacker can download arbitrary files with the help of index.php?m=admin&c=media&a=downfile URI...

7.5CVSS7.7AI score0.01586EPSS
Exploits1References1
myhack58
myhack58
added 2010/11/29 12:0 a.m.31 views

JCMS 2 0 1 0 arbitrary File Download vulnerability-vulnerability warning-the black bar safety net

Publishing author: Beach Affected version: V2010 Official address: http://www.hanweb.com/ Vulnerability type: File Download Vulnerability Description: The JCMS 2 0 1 0 downfile. jsp to download the presence of the vulnerability can be configured to download any files. Description: In...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/11/22 12:0 a.m.31 views

JCMS 2010 - File Download

Title: JCMS 2010 File Download Vulnerability Date: 2010-11-22 Author: Beach Team: http://www.linux520.com/ Vendor: http://www.hanweb.com/ Language:Java Greetz: Brother Description: In /module/download/downfile.jsp ,filename and pathfile didn't verify user's input So this vulnerability allows an...

7.4AI score
Exploits0
NVD
NVD
added 2005/09/07 7:7 p.m.17 views

CVE-2005-2819

DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to 1 update.php, 2 del.php, and 3 addform.php...

7.5CVSS6.9AI score0.01549EPSS
Exploits0References4
NVD
NVD
added 2005/09/07 7:7 p.m.16 views

CVE-2005-2818

Cross-site scripting XSS vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to 1 email.php,2 index.php, 3 del.php, or 4 addform.php...

4.3CVSS5.7AI score0.01177EPSS
Exploits0References4
CVE
CVE
added 2005/09/07 4:0 a.m.42 views

CVE-2005-2818

CVE-2005-2818 concerns a cross-site scripting (XSS) vulnerability in DownFile 1.3. The issue arises from unvalidated input in the id parameter passed to four PHP scripts (email.php, index.php, del.php, add_form.php), enabling remote attackers to inject arbitrary JavaScript/HTML. The available doc...

4.3CVSS6AI score0.01177EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2005/09/07 4:0 a.m.47 views

CVE-2005-2819

CVE-2005-2819 affects DownFile 1.3. Remote attackers can gain administrator privileges through direct HTTP requests to update.php, del.php, and add_form.php. The provided materials describe the affected components and impact but do not specify the underlying root cause or a verified exploit metho...

7.5CVSS7.3AI score0.01549EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder