9 matches found
EUVD-2017-17774
Malware in sbrugna...
Allen Disk Cross-Site Scripting Vulnerability
Allen Disk is a free, open source cloud-based hard disk product that features encrypted file storage, online preview, file sharing and more. A cross-site scripting vulnerability exists in the 'id' parameter of the downfile.php file in Allen Disk version 1.6. A remote attacker can exploit this...
CVE-2017-8832
Allen Disk 1.6 has XSS in the id parameter to downfile.php...
CVE-2017-8832
Allen Disk 1.6 has XSS in the id parameter to downfile.php...
Design/Logic Flaw
Allen Disk 1.6 has XSS in the id parameter to downfile.php...
CVE-2017-8832
Allen Disk 1.6 has a Cross-Site Scripting (XSS) vulnerability in the id parameter of downfile.php. The connected records consistently describe this XSS flaw for Allen Disk 1.6, but none of the provided documents supply details on exploitation methods, affected versions beyond 1.6, specific root c...
CVE-2017-8832
Allen Disk 1.6 has XSS in the id parameter to downfile.php...
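Hikvision Video Access Gateway System downFile.php fileName Parameter Arbitrary File Download Vulnerability
0x01 Vulnerability Overview: The Hikvision video access gateway system has an arbitrary file download vulnerability in the fileName parameter of the page /serverLog/downFile.php. 0x02 Vulnerability Analysis: File /serverLog/downFile.php alert"文件不存在!";window.history.back-1;'; exit; else $file = fopen$filedir . $filename,"r"; // open the file // input file tags Header"Content-type: application/octet-stream"; Header"Accept-Ranges: bytes";...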
SQL Blind Injection Vulnerability in zzcms
ZZCMS emphasizes investment and supply-and-demand functions and can be used to quickly build a product investment website. A SQL injection vulnerability exists in the zzcms product/project version: cookie and time-based blind injection. The vulnerability trigger point is in downfile.php; the attacker can use...