73 matches found
CVE-2023-4171 Chengdu Flash Flood Disaster Monitoring and Warning System FileDownload.ashx path traversal
A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: '../filedir'. The attack can be...
Path traversal
Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...
CVE-2021-32507 QSAN Storage Manager - Absolute Path Traversal via FileDownload function
Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...
CVE-2021-32507
Summary: CVE-2021-32507 is an absolute path traversal vulnerability in the FileDownload function of QSAN Storage Manager. The flaw allows remote authenticated attackers to download arbitrary files via the URL path parameter. It affects QSAN Storage Manager versions up to 3.3.1 (and earlier per CN...
QSAN Storage Manager 路径遍历漏洞
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. An absolute path traversal vulnerability exists in FileDownload in QSAN Storage Manager 3.3.1 and earlier versions. An attacker can exploit this vulnerability by injecting symbolic links to access arbitra...
NovelPlus 路径遍历漏洞
NovelPlus is an application. An open source mobile social application and idea publishing platform. NovelPlus suffers from a path traversal vulnerability that originates in the fileDownload function of com/java2nb/common/controller/FileController.java...
PT-2021-18585 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-plus 小说精品屋-plus version 3.5.1 Description: The issue allows attackers to read arbitrary files via the filePath parameter in the fileDownload function located in com/java2nb/common/controller/FileController.java. This enables access to...
Design/Logic Flaw
DISPUTED An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of this repo...
CVE-2018-20437
An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of this report becaus...
CVE-2018-20437
An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of this report becaus...
CVE-2018-20437
FEBS-Shiro (prior to 2018-11-05) is affected by a vulnerability in the fileDownload function of the CommonController. An attacker can trigger arbitrary file download via /common/download?filename=1.jsp&delete=false. Root cause: insecure file handling in the CommonController. Impact is described a...
EverSync 0.5 - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: EverSync 0.5 - Arbitrary File Download Exploit Author: Ihsan Sencan Vendor Homepage: https://phpmassmail.sourceforge.io/ Software Link:...
Directory traversal
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager aka RPRM before 8.4 allow 1 remote authenticated users to read arbitrary files via a .. dot dot in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary fil...
HP Intelligent Management Center SOM Module filePath Information Disclosure
The HP Intelligent Management Center IMC application running on the remote host is affected by an information disclosure vulnerability in the included IMC Service Operation Management SOM module, specifically within the FileDownload servlet, due to improper validation of user-supplied input to th...
Wordpress filedownload plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. filedownload is one of the file download plugin. A security vulnerability exists in Wordpress filedownload plugin v1.4, which can be exploited by an attacker to execute malicious code on a...
Wordpress filedownload plugin SQL injection vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. filedownload is one of the file download plugin. A SQL injection vulnerability exists in version v1.4 of the Wordpress filedownload plugin, which can be exploited by an attacker to execute...
Wordpress filedownload plugin has unspecified vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. filedownload is one of the file download plugin. A security vulnerability exists in Wordpress filedownload plugin v1.4, which can be exploited by an attacker to execute malicious code on a...
CVE-2015-1000004
XSS in filedownload v1.4 wordpress plugin...
CVE-2015-1000003
Blind SQL Injection in filedownload v1.4 wordpress plugin...
Open redirect
Open Proxy in filedownload v1.4 wordpress plugin...