16 matches found
CVE-2019-25256
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulati...
CVE-2019-25256 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulati...
EUVD-2016-3913
Malware in sbrugna...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to long-running requests by submitting URLs that take an excessive amount of time to respond via the download method in SuppliedData model. Details Denial of Service DoS describes a family of attacks, all aimed...
Server Side Request Forgery (SSRF)
torchserve is vulnerable to Server Side Request Forgery SSRF. The vulnerability is caused by a missing input validation check in the default configuration for the property value of allowedurls, which is used to restrict URLs used to load the PyTorch model in the application. This can lead to an...
Nicotine+: Denial of Service
Background Nicotine+ is a fork of nicotine, a Soulseek client in Python. Description Nicotine+ does not sufficiently validate file path in download requests. Impact A file path in a download request which contains a null character will cause a crash of Nicotine+. Workaround There is no known...
CVE-2021-43930
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...
Path traversal
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...
CVE-2021-43930 Elcomplus SmartPtt Path Traversal
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...
ManageEngine ServiceDesk DownloadFileServlet Information Disclosure (CVE-2017-11511)
An information disclosure vulnerability exists within ManageEngine ServiceDesk for Microsoft Windows. The vulnerability is due to the way ServiceDesk handles download requests. A successful attack could lead to stolen system information...
UBUNTU-CVE-2016-10201
Cross-site scripting XSS vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php...
admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files
An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...
CVE-2016-2840
An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context...
Hot Links Perl PHP Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21112/info Hot Links is prone to an information-disclosure vulnerability because it fails to authenticate the user during specific download requests. An attacker can exploit this issue to retrieve administrative backup...
Hot Links - Perl PHP Information Disclosure
Hot Links - Perl PHP Information Disclosure source: https://www.securityfocus.com/bid/21112/info Hot Links is prone to an information-disclosure vulnerability because it fails to authenticate the user during specific download requests. An attacker can exploit this issue to retrieve administrative...
Siteframe CMS 2.2.4 - 'download.php' Information Disclosure
source: https://www.securityfocus.com/bid/7143/info Siteframe has been reported vulnerable to an information disclosure vulnerability. When handling certain download requests Siteframe may be lead into an error condition. When these errors occur, the script will output some path information...