236 matches found

Nuclei
added 16 hours ago, 8 views

DedeCMS - Open Redirect via download.php

DedeCMS 5.71sp1 and earlier contain a URL redirect caused by a logic error that does not properly validate GET request input, letting attackers redirect users to arbitrary URLs; exploitation requires sending crafted GET requests. id: CVE-2024-57241 info: name: DedeCMS - Open Redirect via download.php...

6.5 CVSS, 5.9 AI score, 0.19399 EPSS
Exploits: 0, References: 2
Snyk
added 3 days ago, 1 view

Malicious Package

Overview @cloudplatform-single-spa/svp-vm-migration is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
Snyk
added 3 days ago, 1 view

Malicious Package

Overview @cloudplatform-single-spa/cloudia is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
Snyk
added 3 days ago, 1 view

Malicious Package

Overview @cloudplatform-single-spa/paas-kafka is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
Snyk
added 3 days ago, 1 view

Malicious Package

Overview @cloudplatform-single-spa/ml-inference-docker-run is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
Snyk
added 3 days ago, 1 view

Malicious Package

Overview @car-loans/save is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
Snyk
added 3 days ago, 1 view

Malicious Package

Overview @mlspace/profile is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
Snyk
added 3 days ago, 1 view

Malicious Package

Overview @car-loans/safe-storage-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
Snyk
added 3 days ago, 1 view

Malicious Package

Overview @cloudplatform-single-spa/svp-draas is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
Snyk
added 3 days ago, 1 view

Malicious Package

Overview @cloudplatform-single-spa/vpc-endpoint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
CVE
added 5 days ago, 7 views

CVE-2018-25393

Navigate CMS 2.8.5 contains a path traversal vulnerability exploitable by authenticated users via the id parameter on navigate_download.php. Attack payloads like ../../../cfg/globals.php can be used to download arbitrary files, exposing sensitive configuration and system files outside the intende...

7.1 CVSS, 5.9 AI score, 0.00148 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 6 days ago, 3 views

CVE-2026-44657

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5 CVSS, 6 AI score, 0.00064 EPSS
Exploits: 0, References: 5, Affected Software: 1
ATTACKERKB
added 6 days ago, 3 views

CVE-2026-37266

An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the forcedownload.php component...

6.2 AI score, 0.00133 EPSS
Exploits: 0, References: 3
Vulnrichment
added 6 days ago, 2 views

CVE-2026-37266

An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the forcedownload.php component...

6.2 AI score, 0.00133 EPSS
Exploits: 0, References: 2
EUVD
added 2026/04/15 6:31 p.m., 0 views

EUVD-2026-22977

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

7.5 CVSS, 5.9 AI score, 0.00564 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/04/15 12:0 a.m., 0 views

PT-2026-33098

CVE-2026-30996 An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from t… https://t.co/gqMgY57juf...

7.5 CVSS, 6 AI score, 0.00564 EPSS
Exploits: 0, References: 4
CNNVD
added 2026/04/15 12:0 a.m., 3 views

SoftSul SAC-NFe Security Vulnerability

SoftSul SAC-NFe is an electronic invoice management system developed by the Brazilian company SoftSul. Version 2.0.02 of SoftSul SAC-NFe contains a security vulnerability. This vulnerability stems from defects in the file processing logic of the download.php component, which may lead to directory...

7.5 CVSS, 5.9 AI score, 0.00564 EPSS
Exploits: 0, References: 1
CVE
added 2026/02/03 10:1 p.m., 6 views

CVE-2020-37088

CVE-2020-37088 affects School ERP Pro 1.0: an unauthenticated file disclosure via download.php by manipulating the document parameter with directory traversal to read arbitrary files, exposing sensitive configuration files and credentials. Root cause: improper validation of the document parameter...

8.7 CVSS, 5.5 AI score, 0.02185 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2026/02/03 4:52 p.m., 27 views

CVE-2020-37105 PMB 5.6 - 'logid' SQL Injection

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php...

7.1 CVSS, 0.00036 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/02/03 12:0 a.m., 1 view

PT-2026-5853

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php...

7.1 CVSS, 6.2 AI score, 0.00036 EPSS
Exploits: 0, References: 5