67 matches found
CVE-2020-27180
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter...
CVE-2020-27180
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter...
Sql injection
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter...
CVE-2016-9087
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter...
SQL Injection Vulnerability in FileID Parameter of Digital Campus Management System of Shanghai Pengda Computer System Development Co.
The digital campus system of Shanghai Pengda Computer System Development Co., Ltd. is a technology platform using .NET+SqlServer. NET+SqlServer technology platform. SQL injection vulnerability exists in the Digital Campus Management System/BG/Mail/Mail/DownAttach.aspx page of Shanghai Pengda...
Exponent CMS 'fileid' Parameter SQL Injection Vulnerability
Exponent CMS is a free, open source PHP-based modular content management system CMS of the U.S. OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. Exponent CMS version 2.3.9 suffers from a...
Teampass 2.1.25 Arbitrary File Download
Document Title: =============== Teampass v2.1.25 - Arbitrary File Download Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1843 Release Date: ============= 2016-05-17 Vulnerability Laboratory ID VL-ID: ====================================...
Teampass v2.1.25 - Arbitrary File Download Vulnerability
Document Title: =============== Teampass v2.1.25 - Arbitrary File Download Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1843 Release Date: ============= 2016-05-17 Vulnerability Laboratory ID VL-ID: ====================================...
Code injection
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...
CVE-2015-7677
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...
CVE-2015-7677
CVE-2015-7677 affects Ipswitch MOVEit DMZ (before 8.2) via the MOVEitISAPI service. The issue exposes information disclosure: remote authenticated users can enumerate FileIDs by sending a request to MOVEitISAPI/MOVEitISAPI.dll using the X-siLock-FileID parameter in a download action, taking advan...
SQL Injection Vulnerability in FileId Parameter of Nanjing Jenohan Journal Submission System
Nanjing Jenohan Software Technology Co., Ltd. is for the development of hospital full cost accounting decision support software system, hospital performance management information system and hospital customer management information system. An SQL injection vulnerability exists in the FileId...
Traidnt up 2.0 (report.php trtext) Blind SQL Injection Vulnerability
Traidnt up is a php online upload script assignmessage,charset$errors."انتظر سوف يتم تحويلك للملف مرة أخري".""; $traidnt-display"message.tpl"; else $ip = getenv'REMOTEADDR'; $reportquery = $db-query" INSERT INTO report reportkey ,reportwhy ,reportip VALUES '$fileid', '$trtext', '$ip';";...
Directory traversal
Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter...
CVE-2011-0329
Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter...
Directory traversal
Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. dot dot in the FILEID parameter to the default URI under tasks/render/file/...
CVE-2010-3468
Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. dot dot in the FILEID parameter to the default URI under tasks/render/file/...
CVE-2010-1515
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 article-id parameter in conjunction with a /admin/news/article/list PATHINFO; the 3 keyword parameter in conjunction...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 article-id parameter in conjunction with a /admin/news/article/list PATHINFO; the 3 keyword parameter in conjunction...
Joomla! Component Jumi - fileid Blind SQL Injection
Joomla! Component Jumi - fileid Blind SQL Injection ------------------------------------------------------------------------------ Joomla Component comjumi fileid Blind SQL-injection Vulnerability ------------------------------------------------------------------------------ + Author : Chip D3 Bi...