22 matches found
CVE-2005-2819
DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to 1 update.php, 2 del.php, and 3 addform.php...
CVE-2005-2818
CVE-2005-2818 concerns a cross-site scripting (XSS) vulnerability in DownFile 1.3. The issue arises from unvalidated input in the id parameter passed to four PHP scripts (email.php, index.php, del.php, add_form.php), enabling remote attackers to inject arbitrary JavaScript/HTML. The available doc...