Lucene search
K

29 matches found

Huntr
Huntr
added 2022/08/09 7:50 a.m.28 views

Path traversal on administrative account

Description Relative path traversal in DNN.Platform at log download functionality. Administrative account can download any system file. This could allow direct read access to files that are not meant to be accessible directly by the platform. Proof of Concept Login as administrative user. Payload...

3.3CVSS2.1AI score0.00999EPSS
Exploits1
NVD
NVD
added 2021/10/13 4:15 p.m.15 views

CVE-2021-20124

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS0.69248EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2021/10/13 3:47 p.m.25 views

CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

6.7AI score0.74279EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2021/10/13 12:0 a.m.19 views

CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS6.8AI score0.74279EPSS
In wildExploits1References2
Cvelist
Cvelist
added 2017/03/28 2:46 a.m.29 views

CVE-2016-9459

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment...

5.9AI score0.01493EPSS
Exploits1References8
Nextcloud
Nextcloud
added 2016/07/19 12:0 a.m.35 views

Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)

The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...

4.3CVSS0.6AI score0.01493EPSS
Exploits1Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

sFileManager <= v.24a Local File Inclusion Vulnerability

No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= sFileManager = v.24a / Local File Inclusion Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= $ Program: sFileManager $ Version: = v.24a $ File affected: fm.php $ Download:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

McAfee Asset Manager 6.6 - Multiple Vulnerabilities

No description provided by source. Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 McAfee Asset Manager v6.6 multiple vulnerabilities http://www.mcafee.com/us/products/asset-manager.aspx Authenticated arbitrary file rea...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2013/01/10 12:0 a.m.73 views

Chrome for Android - Download Function Information Disclosure

CVE Number: CVE-2012-4906 Title: Chrome for Android - Download Function Information Disclosure Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: Rogue Android apps can steal...

5CVSS5.9AI score0.03103EPSS
Exploits1
Rows per page
Query Builder