52 matches found
EUVD-2015-5076
Malware in sbrugna...
EUVD-2019-8800
Malware in sbrugna...
EUVD-2022-36947
Malicious code in bioql PyPI...
EUVD-2022-5457
Malicious code in bioql PyPI...
EUVD-2022-5517
Malicious code in bioql PyPI...
EUVD-2022-32145
Malicious code in bioql PyPI...
EUVD-2024-21452
Malicious code in bioql PyPI...
EUVD-2022-5817
Malicious code in bioql PyPI...
CVE-2024-24026
An arbitrary file upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in a specially crafted filename parameter to perform arbitrary file download...
CVE-2021-37200
A vulnerability has been identified in SINEC NMS All versions V1.0 SP1. An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request...
CVE-2021-41185
Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users...
PT-2025-18005 · Iteachyou · Iteachyou Dreamer Cms
Name of the Vulnerable Software and Affected Versions: iteachyou Dreamer CMS versions up to 4.1.3 Description: A vulnerability was found in the Attachment Handler component, specifically affecting an unknown functionality of the file /admin/attachment/download. The manipulation of the ID argument...
phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames
Exploit Title: phpMyFAQ v3.2.10 - Unintended File Download Triggered by Embedded Frames Date: 13 Dec 2024 Exploit Author: George Chen Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ Software Link: https://github.com/thorsten/phpMyFAQ/ Version: v3.2.10 Tested on: Mac, Win CVE : CVE-2024–558...
phpMyFAQ 3.2.10 Unintended File Download
phpMyFAQ version 3.2.10 suffers from an unintended file download vulnerability. Exploit Title: phpMyFAQ v3.2.10 - Unintended File Download Triggered by Embedded Frames Date: 13 Dec 2024 Exploit Author: George Chen Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ Software Link:...
CVE-2025-27085
Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device...
CVE-2025-2519
CVE-2025-2519 affects the Streamit WordPress theme and permits authenticated (Subscriber+) users to download arbitrary files due to insufficient validation in the st_send_download_file function. Affected versions: all up to 4.0.1. The vulnerability has been patched by the vendor; upgrading to the...
CVE-2024-13617
The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server...
CVE-2024-35431
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1...
CVE-2021-4356
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible...