14 matches found
EUVD-2024-51516
Malicious code in bioql PyPI...
The vulnerability of the Drupal CMS system’s “Download All Files” module, related to the lack of authentication, allows attackers to bypass security restrictions and execute a forced browsing attack.
The vulnerability of the “Download All Files” module in Drupal systems is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...
CVE-2024-13303 Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069
Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.This issue affects Download All Files: from 0.0.0 before 2.0.2...
CVE-2024-13303
CVE-2024-13303 affects the Drupal module “Download All Files” (vulnerable: 0.0.0–2.0.1) and is due to a Missing Authorization flaw that enables forceful browsing to access files that should be protected. Public references confirm the issue as an access bypass vulnerability in this contrib module,...
CVE-2024-13303 Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069
Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.This issue affects Download All Files: from 0.0.0 before 2.0.2...
DRUPAL-CONTRIB-2024-069
This module provides a field formatter for the field type 'file' called Table of files with download all link . The module had vulnerabilities allowing a user to download files they normally should not be able to download...
Drupal Download All Files module < 2.0.2 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Pierre Rudloff in WordPress Module Download All Files versions 2.0.2...
PT-2024-10085 · Drupal · Download All Files
Name of the Vulnerable Software and Affected Versions: Download All Files versions 0.0.0 through 2.0.1 Description: The issue is related to a Missing Authorization vulnerability in the Download All Files module for the Drupal CMS, which allows for Forceful Browsing. This vulnerability can be...
PT-2024-35697 · Autolab · Autolab
Name of the Vulnerable Software and Affected Versions: Autolab versions 3.0.0 through 3.0.2 Description: Autolab is a course management service that enables auto-graded programming assignments. The issue allows students to download all assignments from another student, as long as they are logged...
Autolab 安全漏洞
Autolab is an open source course management service from Autolab. It supports automatically graded programming assignments. A security vulnerability exists in Autolab version 3.0.0 that stems from the ability of students to download all assignments from other students using the...
Atlassian Confluence 6.15.1 Directory Traversal
Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows 7...
WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. WordPress plugin Order Export Import for WooCommerce - Order has an information disclosure vulnerability. An attacker can exploit the vulnerability to download all orders...
UBUNTU-CVE-2012-2364
Cross-site scripting XSS vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a...
Fedora 17 : moodle-2.2.3-1.fc17 (2012-8284)
CVE-2012-2353 MSA-12-0024: Hidden information access issue CVE-2012-2354 MSA-12-0025: Personal communication access issue CVE-2012-2355 MSA-12-0026: Quiz capability issue CVE-2012-2356 MSA-12-0027: Question bank capability issues CVE-2012-2357 MSA-12-0028: Insecure authentication issue...