12 matches found
CVE-2026-59995
A flaw was found in OpenSSH. The sftp client, when used to download files from a malicious server with the 'sftp server:/path .' command, does not properly restrict where those files are saved. This allows an attacker to control the download location, potentially overwriting existing files or...
EUVD-2026-42137
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...
CVE-2026-42315 pyLoad: Path Traversal via Package Folder Name in set_package_data
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the setpackagedata API function call inside the data object with key "folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary...
PT-2026-37264
Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev100 Description Lack of sanitization in the set package data function allows a user with Perms.MODIFY permissions to specify arbitrary directories as download locations for a package. This occurs when passin...
Intel® Rapid Storage Technology Software Advisory
Summary: A potential security vulnerability for the Intel® Rapid Storage Technology software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-24327 Description: Insecure inherited permissions fo...
Intel® RealSense™ DCM Advisory
Summary: A potential security vulnerability in the Intel® RealSense™ Depth Camera Manager DCM software may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2021-33119 Description: Improper access control ...
Security Bulletin: Vulnerability in IBM Java SDK affects IBM Platform Symphony and IBM Spectrum Symphony (CVE-2016-3610 CVE-2016-3598 CVE-2016-3606 CVE-2016-3587 CVE-2016-3511 CVE-2016-3550 CVE-2016-3485)
Summary Vulnerability in IBM Java SDK affects IBM Platform Symphony and IBM Spectrum Symphony Vulnerability Details CVE IDs: CVE-2016-3610 CVE-2016-3598 CVE-2016-3606 CVE-2016-3587 CVE-2016-3511 CVE-2016-3550 CVE-2016-3485 Affected Products and Versions IBM Platform Symphony: 5.2, 6.1.0.1, 6.1.1,...
WordPress Epic Arbitrary File Download Vulnerability
WordPress Epic theme suffers from an arbitrary file download vulnerability. Note that this finding houses site-specific data. |||||||||||||||||||||||||||||||||||||||||||||||||| |-------------------------------------------------------------------------| | Exploit Title: Wordpress epic theme...
Apple Safari for Windows and Internet Explorer Combined Code Execution (CVE-2008-2540)
Microsoft Internet Explorer is the most widely used Internet browser. Safari is a web browsing application developed by Apple. A combination of the default download location in Safari and how the Windows desktop handles executables creates a blended threat in which files may be downloaded to a...
Lianzhong ConnectAndEnterRoom ActiveX stack overflow vulnerability(exp)-vulnerability warning-the black bar safety net
exeurl = InputBox "please input the download execution exe of the address:", "input","" 'code by NetPatch if exeurl "" then...
Fedora Core 3 : firefox-1.0.1-1.3.1 (2005-182)
This update fixes several security vulnerabilities in Firefox 1.0. It is recommended that all users update to Firefox 1.0.1. Additionally, this update backports several fixes from rawhide. This update enables pango font rendering by default. This update enables smooth scrolling by default. On...
rna_deleter.rgp
RealArcade download My Games 06/13/2001 10:51 RealArcade RealNetworks http://www.real.com Copyright 2001, RealNetworks [email protected] RealGames Server RealGames Server games-dl.real.com /gameconsole/games/demorgses/%f Not used in Beta1 Flux 950258D1-7ABD-4afc-8886-449B98CE8224 1.0 Demo RGI...