Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-51516

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00292EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/01/14 12:0 a.m.8 views

The vulnerability of the Drupal CMS system’s “Download All Files” module, related to the lack of authentication, allows attackers to bypass security restrictions and execute a forced browsing attack.

The vulnerability of the “Download All Files” module in Drupal systems is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...

4.3CVSS5.5AI score0.00292EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/01/09 8:24 p.m.17 views

CVE-2024-13303 Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069

Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.This issue affects Download All Files: from 0.0.0 before 2.0.2...

0.00292EPSS
Exploits0References1
CVE
CVE
added 2025/01/09 8:24 p.m.55 views

CVE-2024-13303

CVE-2024-13303 affects the Drupal module “Download All Files” (vulnerable: 0.0.0–2.0.1) and is due to a Missing Authorization flaw that enables forceful browsing to access files that should be protected. Public references confirm the issue as an access bypass vulnerability in this contrib module,...

5.3CVSS7.2AI score0.00292EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/09 8:24 p.m.3 views

CVE-2024-13303 Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069

Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.This issue affects Download All Files: from 0.0.0 before 2.0.2...

5.3CVSS5.9AI score0.00292EPSS
Exploits0References5
OSV
OSV
added 2024/12/04 3:13 p.m.4 views

DRUPAL-CONTRIB-2024-069

This module provides a field formatter for the field type 'file' called Table of files with download all link . The module had vulnerabilities allowing a user to download files they normally should not be able to download...

5.3CVSS6.8AI score0.00292EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/12/04 12:0 a.m.3 views

Drupal Download All Files module < 2.0.2 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Pierre Rudloff in WordPress Module Download All Files versions 2.0.2...

5.3CVSS7AI score0.00292EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/04 12:0 a.m.4 views

PT-2024-10085 · Drupal · Download All Files

Name of the Vulnerable Software and Affected Versions: Download All Files versions 0.0.0 through 2.0.1 Description: The issue is related to a Missing Authorization vulnerability in the Download All Files module for the Drupal CMS, which allows for Forceful Browsing. This vulnerability can be...

5.3CVSS7.4AI score0.00292EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/11/25 12:0 a.m.5 views

PT-2024-35697 · Autolab · Autolab

Name of the Vulnerable Software and Affected Versions: Autolab versions 3.0.0 through 3.0.2 Description: Autolab is a course management service that enables auto-graded programming assignments. The issue allows students to download all assignments from another student, as long as they are logged...

7.1CVSS7.2AI score0.00469EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/25 12:0 a.m.4 views

Autolab 安全漏洞

Autolab is an open source course management service from Autolab. It supports automatically graded programming assignments. A security vulnerability exists in Autolab version 3.0.0 that stems from the ability of students to download all assignments from other students using the...

7.1CVSS6.4AI score0.00469EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2019/11/12 12:0 a.m.120 views

Atlassian Confluence 6.15.1 Directory Traversal

Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows 7...

9CVSS8.7AI score0.97153EPSS
Exploits10
CNVD
CNVD
added 2016/09/23 12:0 a.m.5 views

WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. WordPress plugin Order Export Import for WooCommerce - Order has an information disclosure vulnerability. An attacker can exploit the vulnerability to download all orders...

6.2AI score
Exploits0References1
OSV
OSV
added 2012/07/21 3:38 a.m.4 views

UBUNTU-CVE-2012-2364

Cross-site scripting XSS vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a...

3.5CVSS5.9AI score0.00795EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/06/04 12:0 a.m.16 views

Fedora 17 : moodle-2.2.3-1.fc17 (2012-8284)

CVE-2012-2353 MSA-12-0024: Hidden information access issue CVE-2012-2354 MSA-12-0025: Personal communication access issue CVE-2012-2355 MSA-12-0026: Quiz capability issue CVE-2012-2356 MSA-12-0027: Question bank capability issues CVE-2012-2357 MSA-12-0028: Insecure authentication issue...

6.5CVSS5.4AI score0.0169EPSS
Exploits0References1
Rows per page
Query Builder