38 matches found
EUVD-2021-14022
Malware in sbrugna...
EUVD-2019-8793
Malware in sbrugna...
EUVD-2020-19094
Malware in sbrugna...
EUVD-2023-35495
Malicious code in bioql PyPI...
CVE-2025-5526 BuddyPress Docs < 2.2.5 - Subscriber+ Arbitrary Document Read/Update
The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user...
CVE-2025-49183
All communication with the REST API is unencrypted HTTP, allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files...
Important: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: a heap-based buffer overflow in the SOCKS5 proxy handshake CVE-2023-38545 curl: cookie injection with none file...
ALSA-2023:5763 Important: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: a heap-based buffer overflow in the SOCKS5 proxy handshake CVE-2023-38545 curl: cookie injection with none file...
CVE-2023-32756
e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can’t control system or disrupt service...
Path traversal
e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can’t control system or disrupt service...
CVE-2023-32756 e-Excellence U-Office Force - Path Traversal
e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can’t control system or disrupt service...
CVE-2023-32756 e-Excellence U-Office Force - Path Traversal
e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can’t control system or disrupt service...
Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: IDN wildcard match may lead to Improper Cerificate Validation CVE-2023-28321 curl: more POST-after-PUT confusion...
The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the improper limitation of the path name to the restricted access directory. This allows a malicious actor to load any file into any directory of the file system.
The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to download any file into any directory of the file system b...
RLSA-2021:4511 Moderate: curl security and bug fix update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Leak of authentication credentials in URL via automatic Referer CVE-2021-22876 curl: TELNET stack contents disclosure...
CVE-2020-26549
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading...
Design/Logic Flaw
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading...
CVE-2020-26549
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading...
CVE-2020-13953
In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run...
Authorization Bypass
firefox is vulnerable to authorization bypass. The vulnerability exists as the code for downloading files did not validate special characters, allowing the file path to be cut off earlier, resulting in the downloading of a different file...