CVE-2025-14516

A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. The...

EUVD-2025-202689

A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. The...

CVE-2025-11789 Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi' and then uses it as an index in the 'FilesDownload' array with '&FilesDownloadiVar2'. If the parameter is too large, it will access memory beyond...

CVE-2025-5381

A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack...

CVE-2025-5381

A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack...

CVE-2025-5381 Yifang CMS Admin Panel downloadFile path traversal

A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack...

CVE-2025-5381

CVE-2025-5381 – Yifang CMS (up to 2.0.2) exposes a path traversal in the Admin Panel, via the downloadFile function at /api/File/downloadFile. The vulnerability arises from improper handling of the File argument, enabling remote exploitation. Public exploits have been disclosed. No official patch...

CVE-2025-5381 Yifang CMS Admin Panel downloadFile path traversal

A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack...

PT-2025-23406 · Unknown · Yifang Cms

Name of the Vulnerable Software and Affected Versions: Yifang CMS versions up to 2.0.2 Description: A vulnerability was found in the function downloadFile of the file "/api/File/downloadFile" of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possib...

Arbitrary File Upload

Overview alexstack/laravel-cms is a Simple Bootstrap Laravel CMS Affected versions of this package are vulnerable to Arbitrary File Upload due to unchecked access to the downloadFile function in index in LaravelCmsFileAdminController.php. Remediation There is no fixed version for...

Denial Of Service (DoS)

sonar-scanner-api is vulnerable to denial of serviceDoS attacks. The vulnerability exists in the ServerConnection.java class because the downloadFile function does not properly close response body, resulting in excessive resource consumption that can potentially lead to an application crash...

Design/Logic Flaw

The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second...

CVE-2007-5608

The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second...

CVE-2007-3076

A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function...