13 matches found
EUVD-2004-2649
Malware in sbrugna...
EUVD-2002-0024
Malware in sbrugna...
EUVD-2018-16959
Malware in sbrugna...
EUVD-2025-21377
Malicious code in bioql PyPI...
CVE-2015-10142
Sitecore Experience Platform XP prior to 8.0 Initial Release rev. 141212 and Content Management System CMS prior to 7.2 Update-3 rev. 141226 and prior to 7.5 Update-1 rev. 150130 contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of t...
WordPress Easy Video Player Wordpress & WooCommerce Theme <= 10.0 is vulnerable to Arbitrary File Download
Software Easy Video Player Wordpress & WooCommerce Type Theme Vulnerable versions = 10.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Download CVE CVE-2025-28955 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 646c16d60f12 Credits 0xd4rk5id3...
CVE-2023-29541
Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux...
CVE-2023-31250 Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
BossCMS V1.1 Arbitrary File Download Vulnerability in Background
BossCMS is a safe, stable, good, permanent free open source, independent research and development of PHP framework for enterprise building system. BossCMS background arbitrary file download vulnerability, attackers can use the vulnerability to download any file in the server...
CVE-2020-4430
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535...
Heeroa /info/infoshowaction.do 任意文件下载漏洞
No description provided by source...
CVE-2007-5456
Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' question mark followed by a non-.exe filename after the .exe filename, as demonstrated by 1 .txt, 2 .cda, 3 .log, 4 .dif...
Microsoft Internet Explorer 6.0 SP2 - File Download Security Warning Bypass
Orginal Advisory and exploit by cyberflash Vengy Circumvent Windows XP SP2 security features using execCommand 'SaveAs' function! Demonstration: Notice that you don't receive any warning messages such as: "File Download - Security Warning" or "Open File - Security Warning". If "Hide file extensio...