Lucene search
K

67 matches found

NVD
NVD
added 2020/10/27 5:15 a.m.16 views

CVE-2020-27180

konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter...

7.5CVSS7.5AI score0.01219EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/10/27 4:21 a.m.23 views

CVE-2020-27180

konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter...

7.5AI score0.01219EPSS
Exploits0References2
Prion
Prion
added 2017/03/07 4:59 p.m.10 views

Sql injection

SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter...

7.5CVSS9AI score0.02225EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2017/03/07 4:0 p.m.21 views

CVE-2016-9087

SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter...

10AI score0.02225EPSS
Exploits1References4
CNVD
CNVD
added 2016/11/07 12:0 a.m.3 views

SQL Injection Vulnerability in FileID Parameter of Digital Campus Management System of Shanghai Pengda Computer System Development Co.

The digital campus system of Shanghai Pengda Computer System Development Co., Ltd. is a technology platform using .NET+SqlServer. NET+SqlServer technology platform. SQL injection vulnerability exists in the Digital Campus Management System/BG/Mail/Mail/DownAttach.aspx page of Shanghai Pengda...

7.9AI score
Exploits0References1
CNVD
CNVD
added 2016/11/04 12:0 a.m.5 views

Exponent CMS 'fileid' Parameter SQL Injection Vulnerability

Exponent CMS is a free, open source PHP-based modular content management system CMS of the U.S. OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. Exponent CMS version 2.3.9 suffers from a...

9.8CVSS9.7AI score0.02225EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2016/05/25 12:0 a.m.39 views

Teampass 2.1.25 Arbitrary File Download

Document Title: =============== Teampass v2.1.25 - Arbitrary File Download Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1843 Release Date: ============= 2016-05-17 Vulnerability Laboratory ID VL-ID: ====================================...

7.4AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2016/05/17 12:0 a.m.36 views

Teampass v2.1.25 - Arbitrary File Download Vulnerability

Document Title: =============== Teampass v2.1.25 - Arbitrary File Download Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1843 Release Date: ============= 2016-05-17 Vulnerability Laboratory ID VL-ID: ====================================...

7.1AI score
Exploits0
Prion
Prion
added 2016/02/10 3:59 p.m.18 views

Code injection

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...

4CVSS6.7AI score0.02954EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2016/02/10 3:0 p.m.33 views

CVE-2015-7677

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...

4.6AI score0.02954EPSS
Exploits2References4
CVE
CVE
added 2016/02/10 3:0 p.m.65 views

CVE-2015-7677

CVE-2015-7677 affects Ipswitch MOVEit DMZ (before 8.2) via the MOVEitISAPI service. The issue exposes information disclosure: remote authenticated users can enumerate FileIDs by sending a request to MOVEitISAPI/MOVEitISAPI.dll using the X-siLock-FileID parameter in a download action, taking advan...

4.3CVSS4.3AI score0.02954EPSS
Exploits2References4Affected Software1
CNVD
CNVD
added 2015/07/06 12:0 a.m.3 views

SQL Injection Vulnerability in FileId Parameter of Nanjing Jenohan Journal Submission System

Nanjing Jenohan Software Technology Co., Ltd. is for the development of hospital full cost accounting decision support software system, hospital performance management information system and hospital customer management information system. An SQL injection vulnerability exists in the FileId...

7.7AI score
Exploits0References1
0day.today
0day.today
added 2012/11/28 12:0 a.m.24 views

Traidnt up 2.0 (report.php trtext) Blind SQL Injection Vulnerability

Traidnt up is a php online upload script assignmessage,charset$errors."انتظر سوف يتم تحويلك للملف مرة أخري".""; $traidnt-display"message.tpl"; else $ip = getenv'REMOTEADDR'; $reportquery = $db-query" INSERT INTO report reportkey ,reportwhy ,reportip VALUES '$fileid', '$trtext', '$ip';";...

7.1AI score
Exploits0
Prion
Prion
added 2011/02/21 6:0 p.m.15 views

Directory traversal

Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter...

5CVSS7.2AI score0.01581EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2011/02/21 5:0 p.m.17 views

CVE-2011-0329

Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter...

6.7AI score0.01581EPSS
Exploits0References4
Prion
Prion
added 2010/09/29 5:0 p.m.13 views

Directory traversal

Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. dot dot in the FILEID parameter to the default URI under tasks/render/file/...

5CVSS7.1AI score0.06853EPSS
Exploits5References5Affected Software2
Cvelist
Cvelist
added 2010/09/29 4:0 p.m.30 views

CVE-2010-3468

Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. dot dot in the FILEID parameter to the default URI under tasks/render/file/...

6.6AI score0.06853EPSS
Exploits5References5
NVD
NVD
added 2010/06/15 2:30 p.m.23 views

CVE-2010-1515

Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 article-id parameter in conjunction with a /admin/news/article/list PATHINFO; the 3 keyword parameter in conjunction...

2.6CVSS5.8AI score0.01028EPSS
Exploits1References4
Prion
Prion
added 2010/06/15 2:30 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 article-id parameter in conjunction with a /admin/news/article/list PATHINFO; the 3 keyword parameter in conjunction...

2.6CVSS6AI score0.01028EPSS
Exploits1References4Affected Software1
exploitpack
exploitpack
added 2009/06/15 12:0 a.m.17 views

Joomla! Component Jumi - fileid Blind SQL Injection

Joomla! Component Jumi - fileid Blind SQL Injection ------------------------------------------------------------------------------ Joomla Component comjumi fileid Blind SQL-injection Vulnerability ------------------------------------------------------------------------------ + Author : Chip D3 Bi...

0.2AI score
Exploits0
Rows per page
Query Builder