420 matches found
CVE-2022-29720
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php...
CVE-2022-29720
CVE-2022-29720 affects 74cmsSE v3.5.1. A vulnerability in index\controller\Download.php enables an arbitrary file read. Documented references confirm the component and location; no exploit details or remediation are provided in the supplied sources. If applicable, apply vendor advisories or patch...
OpenCart Path Traversal
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php...
CVE-2022-26271
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php...
Xerte path traversal vulnerability
Xerte is open source software from The Xerte Project community in the UK, used to create learning objects. Xerte through 3.10.3 has a directory traversal vulnerability when downloading project files via download.php. No details of...
CVE-2021-44665
A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php...
Directory traversal
A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php...
VulnCheck KEV: CVE-2013-6720
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as...
Cross-site Scripting (XSS)
zoneminder:edge is vulnerable to cross-site scripting (XSS). An attacker is able to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted...
Cross-site Scripting (XSS)
zoneminder:edge is vulnerable to cross-site scripting (XSS). An attacker is able to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted...
Cross site scripting
The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1...
Server side request forgery (ssrf)
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF...
ZoneMinder < 1.34.21 Multiple XSS Vulnerabilities
ZoneMinder is prone to multiple cross-site scripting (XSS) vulnerabilities via the connkey parameter to download.php or export.php.
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2020-52938)
ZoneMinder is a free and open source CCTV software application for Linux environments that supports IP, USB and analog cameras. A cross-site scripting vulnerability exists in ZoneMinder version 1.34.21. The vulnerability can be exploited to conduct cross-site scripting attacks via the connkey...
CVE-2020-25729
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...