23 matches found
CKSource CKFinder Security Vulnerability
CKSource CKFinder is a file management and uploading tool from CKSource, Inc. A security vulnerability exists in CKSource CKFinder versions prior to 2.5.0.1, which originates from an authenticated user being able to download arbitrary files on the server via the correct path...
EUVD-2022-46451
Malicious code in bioql PyPI...
CVE-2025-9414 kalcaddle kodbox Download from Link serverDownload server-side request forgery
A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in server-side request forgery. Remote...
CVE-2025-3594
Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitrary locations on the server and (2) download and...
D-Link DWL-2600AP Access Point Command Injection Vulnerability
D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...
CVE-2022-43449
OpenHarmony-v3.1.2 and prior versions had an arbitrary file read vulnerability via downloadserver. Local attackers can install a malicious application on the device and reveal any file from the filesystem that is accessible to the downloadserver service, which runs with UID 1000...
PT-2022-26923 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions 3.1.2 and prior Description: The issue allows local attackers to install a malicious application on the device and reveal any file from the filesystem that is accessible to the download server service, which runs with UID...
OpenHarmony Security Vulnerability
OpenHarmony is an open-source Hongmeng operating system project of China's OpenAtom Foundation. A security vulnerability exists in OpenHarmony-v3.1.2, which originates from an arbitrary file read via downloadserver, and can be exploited by an attacker to instal...
Vulnerability fixed in dnsmasq
A vulnerability has been fixed in dnsmasq. The vulnerability allows an unauthenticated remote malicious agent to potentially cause a denial-of-service. -= openSUSE =- The developers of openSUSE have made updates available to fix the vulnerability in openSUSE Leap 15.3. You can install...
Vulnerabilities fixed in OpenSUSE RPM
Vulnerabilities have been fixed in OpenSUSE RPM. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); circumvention of a security measure; remote code execution; user rights. -= OpenSUSE =- The developers of OpenSUSE ha...
Vulnerabilities fixed in QEMU
Vulnerabilities have been fixed in QEMU. The vulnerabilities allow a malicious party to potentially carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); remote code execution with privileges of the QEMU process; access to sensitive data; access to...
Vulnerabilities fixed in OpenSUSE kernel
Vulnerabilities have been fixed in the openSUSE kernel. The vulnerabilities allow a malicious person to execute attacks that lead to the following categories of damage: Denial-of-Service (DoS); circumvention of a security measure; accessing sensitive data; accessing system data. -=...
Vulnerabilities fixed in openSUSE kernel
Vulnerabilities have been fixed in openSUSE. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); manipulation of data; remote code execution; user rights; access to sensitive data; increased user rights. -= openSUSE =- T...
Vulnerability fixed in OpenSUSE
SUSE has made available an update to fix a vulnerability in the Linux kernel. The vulnerability allows a locally authenticated malicious person to obtain elevated user privileges. See "Possible fixes" for more information. The developers of OpenSUSE have made updates available to f...
Vulnerabilities fixed in the X11 server
SUSE has fixed three vulnerabilities in the x.org X11 server. A malicious party could potentially exploit the vulnerabilities to bypass security measures and gain access to system data and/or memory. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12 and 15. fixes in...
Vulnerabilities fixed in openSUSE kernel
Vulnerabilities have been fixed in the kernel of openSUSE Leap 15.1. The vulnerabilities allow a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); circumvention of a security measure; access to system data; increased user...
CVE-2019-4260
IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012...
Microsoft Windows - dnslint.exe Drive-By Download
Microsoft Windows - dnslint.exe Drive-By Download + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DNSLINT.EXE-FORCED-DRIVE-BY-DOWNLOAD.txt + ISR: Apparition Security Greetz: indoushka | Eduardo Vendor...
Design/Logic Flaw
admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...