Lucene search
K

16 matches found

NVD
NVD
added 2025/12/24 8:15 p.m.7 views

CVE-2019-25256

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulati...

7.1CVSS0.00543EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/24 7:28 p.m.31 views

CVE-2019-25256 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulati...

7.1CVSS0.00543EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-3913

Malware in sbrugna...

6.1CVSS6.3AI score0.01641EPSS
Exploits0References4
Snyk
Snyk
added 2024/11/01 6:34 a.m.5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to long-running requests by submitting URLs that take an excessive amount of time to respond via the download method in SuppliedData model. Details Denial of Service DoS describes a family of attacks, all aimed...

8.7CVSS7.1AI score
Exploits0References3
Veracode
Veracode
added 2023/10/03 5:21 a.m.36 views

Server Side Request Forgery (SSRF)

torchserve is vulnerable to Server Side Request Forgery SSRF. The vulnerability is caused by a missing input validation check in the default configuration for the property value of allowedurls, which is used to restrict URLs used to load the PyTorch model in the application. This can lead to an...

10CVSS6.9AI score0.35256EPSS
Exploits6References6Affected Software1
Gentoo Linux
Gentoo Linux
added 2022/10/31 12:0 a.m.36 views

Nicotine+: Denial of Service

Background Nicotine+ is a fork of nicotine, a Soulseek client in Python. Description Nicotine+ does not sufficiently validate file path in download requests. Impact A file path in a download request which contains a null character will cause a crash of Nicotine+. Workaround There is no known...

7.5CVSS3.8AI score0.01586EPSS
Exploits1
NVD
NVD
added 2022/04/28 3:15 p.m.23 views

CVE-2021-43930

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...

4.9CVSS0.00969EPSS
Exploits0References1
Prion
Prion
added 2022/04/28 3:15 p.m.20 views

Path traversal

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...

4CVSS7.2AI score0.00969EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/04/28 2:53 p.m.26 views

CVE-2021-43930 Elcomplus SmartPtt Path Traversal

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...

4.9CVSS5.5AI score0.00969EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2018/01/02 12:0 a.m.4 views

ManageEngine ServiceDesk DownloadFileServlet Information Disclosure (CVE-2017-11511)

An information disclosure vulnerability exists within ManageEngine ServiceDesk for Microsoft Windows. The vulnerability is due to the way ServiceDesk handles download requests. A successful attack could lead to stolen system information...

5CVSS1.5AI score0.03538EPSS
Exploits0
OSV
OSV
added 2017/03/03 3:59 p.m.4 views

UBUNTU-CVE-2016-10201

Cross-site scripting XSS vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php...

6.1CVSS6.9AI score0.00814EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2017/02/02 8:23 p.m.5 views

admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files

An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...

6.5CVSS7.3AI score0.02693EPSS
Exploits0References4
Cvelist
Cvelist
added 2016/12/15 6:31 a.m.31 views

CVE-2016-2840

An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context...

6.2AI score0.01641EPSS
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Hot Links Perl PHP Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21112/info Hot Links is prone to an information-disclosure vulnerability because it fails to authenticate the user during specific download requests. An attacker can exploit this issue to retrieve administrative backup...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2006/11/15 12:0 a.m.19 views

Hot Links - Perl PHP Information Disclosure

Hot Links - Perl PHP Information Disclosure source: https://www.securityfocus.com/bid/21112/info Hot Links is prone to an information-disclosure vulnerability because it fails to authenticate the user during specific download requests. An attacker can exploit this issue to retrieve administrative...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2003/03/19 12:0 a.m.26 views

Siteframe CMS 2.2.4 - 'download.php' Information Disclosure

source: https://www.securityfocus.com/bid/7143/info Siteframe has been reported vulnerable to an information disclosure vulnerability. When handling certain download requests Siteframe may be lead into an error condition. When these errors occur, the script will output some path information...

7AI score
Exploits0
Rows per page
Query Builder