18 matches found
Netgear-WN604 downloadFile.php - Information Disclosure
There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be...
CVE-2024-6646 Netgear WN604 Web Interface downloadFile.php information disclosure
A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information...
NETGEAR WN604 Information Disclosure Vulnerability
The NETGEAR WN604 is a small wireless router from NETGEAR. The NETGEAR WN604 suffers from an information disclosure vulnerability that originates in the parameter file of file/downloadFile.php, which is not sufficiently protected for sensitive information and can be exploited by an attacker to...
CVE-2019-19372
A downloadFile.php downloadfile path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully working exploit...
Path traversal
DISPUTED A downloadFile.php downloadfile path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully working exploit."...
CVE-2019-19372
A downloadFile.php downloadfile path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully working exploit...
CVE-2019-19372
CVE-2019-19372 affects rConfig up to version 3.9.3, where a path traversal flaw in downloadFile.php allows listing files in arbitrary folders and potentially downloading files. Root cause is unsafe handling of file paths in download_file, enabling access outside restricted directories. Public sou...
Directory traversal
CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggettodocumenti/../.././inc/config.php one can take the control of the application because credentials are present in that config.php file...
rConfig 3.1.1 - Local File Inclusion
rConfig 3.1.1 - Local File Inclusion. Title: rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion. Summary: rConfig, the open source network device configuration management tool, is vulnerable to local file...
rConfig 3.1.1 - Local File Inclusion
Exploit for php platform in category web applications. Title: rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion. Summary: rConfig, the open source network device configuration management tool, is vulnerabl...
rConfig 3.1.1 Local File Inclusion
Title: rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion. Summary: rConfig, the open source network device configuration management tool, is vulnerable to local file inclusion in /lib/crud/downloadFile.ph...
DynMedia Pro Web CMS 4.0 - Local File Disclosure
DynMedia Pro Web CMS 4.0 Local File Disclosure Exploit. Author: MbahSemar. Homepage: http://www.indonesianhacker.or.id | http://suramcrew.org | http://www.masfuji.us Date: 22 April, 2010...
Ultrize TimeSheet 1.2.2 File Disclosure
Ultrize TimeSheet 1.2.2 readfile Local File Disclosure Vulnerability. Code page /actions/downloadFile.php: ==== File not found. "; print $fileName; print "Please make sure your file paths are correct: $config['uploaddir']/$jobid/$fileName"; ?> ==== PoC: /actions/downloadFile.php?fileName=../config.php...
Ultrize TimeSheet 1.2.2 - 'readfile()' Local File Disclosure
Ultrize TimeSheet 1.2.2 readfile Local File Disclosure Vulnerability. Code page /actions/downloadFile.php: ==== File not found. "; print $fileName; print "Please make sure your file paths are correct: $config['uploaddir']/$jobid/$fileName"; ?> ==== PoC: /actions/downloadFile.php?fileName=../config.php...
Ultrize TimeSheet 1.2.2 readfile() Local File Disclosure Vulnerability
No description provided by source. Ultrize TimeSheet 1.2.2 readfile Local File Disclosure Vulnerability. Code page /actions/downloadFile.php: ==== <?php // This script performs the actual file download $fileName = $_REQUEST['fileName']; <--!! $jobid = $_REQUEST['jobid']; <--!! $fullFile =...
Ultrize TimeSheet 1.2.2 readfile() Local File Disclosure Vulnerability
Exploit for unknown platform in category web applications. Ultrize TimeSheet 1.2.2 readfile Local File Disclosure Vulnerability. Ultrize TimeSheet 1.2.2...
Ultrize TimeSheet 1.2.2 - readfile() Local File Disclosure
Ultrize TimeSheet 1.2.2 - readfile Local File Disclosure. Ultrize TimeSheet 1.2.2 readfile Local File Disclosure Vulnerability. Code page /actions/downloadFile.php: ==== File not found. "; print $fileName; print "Please make sure your file paths are correct: $config['uploaddir']/$jobid/$fileName"; ?>...
Directory traversal
Directory traversal vulnerability in downloadfile.php in eLouai's Force Download of media files script, as available on 20071030 and earlier, allows remote attackers to read arbitrary files via the file parameter. NOTE: this issue only occurs in environments where the system administrator has not...