Lucene search
+L

73 matches found

Cvelist
Cvelist
added 2023/08/05 9:0 p.m.35 views

CVE-2023-4171 Chengdu Flash Flood Disaster Monitoring and Warning System FileDownload.ashx path traversal

A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: '../filedir'. The attack can be...

4.3CVSS5.8AI score0.00941EPSS
Exploits1References3
Prion
Prion
added 2021/07/07 2:15 p.m.20 views

Path traversal

Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...

4CVSS6.3AI score0.01301EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/07 2:11 p.m.46 views

CVE-2021-32507 QSAN Storage Manager - Absolute Path Traversal via FileDownload function

Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...

6.5CVSS6.5AI score0.01301EPSS
Exploits0References1
CVE
CVE
added 2021/07/07 2:11 p.m.62 views

CVE-2021-32507

Summary: CVE-2021-32507 is an absolute path traversal vulnerability in the FileDownload function of QSAN Storage Manager. The flaw allows remote authenticated attackers to download arbitrary files via the URL path parameter. It affects QSAN Storage Manager versions up to 3.3.1 (and earlier per CN...

6.5CVSS6.3AI score0.01301EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/07/07 12:0 a.m.4 views

QSAN Storage Manager 路径遍历漏洞

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. An absolute path traversal vulnerability exists in FileDownload in QSAN Storage Manager 3.3.1 and earlier versions. An attacker can exploit this vulnerability by injecting symbolic links to access arbitra...

6.5CVSS5.9AI score0.01301EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/04/29 12:0 a.m.3 views

NovelPlus 路径遍历漏洞

NovelPlus is an application. An open source mobile social application and idea publishing platform. NovelPlus suffers from a path traversal vulnerability that originates in the fileDownload function of com/java2nb/common/controller/FileController.java...

5.3CVSS5.8AI score0.02071EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/04/29 12:0 a.m.3 views

PT-2021-18585 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-plus 小说精品屋-plus version 3.5.1 Description: The issue allows attackers to read arbitrary files via the filePath parameter in the fileDownload function located in com/java2nb/common/controller/FileController.java. This enables access to...

5.3CVSS5AI score0.02071EPSS
Exploits1References6
Prion
Prion
added 2018/12/25 3:29 p.m.18 views

Design/Logic Flaw

DISPUTED An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of this repo...

5CVSS7.5AI score0.02435EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2018/12/25 3:29 p.m.17 views

CVE-2018-20437

An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of this report becaus...

7.5CVSS7.5AI score0.02435EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2018/12/25 3:0 p.m.14 views

CVE-2018-20437

An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of this report becaus...

6.9AI score0.02435EPSS
Exploits1References3
CVE
CVE
added 2018/12/25 3:0 p.m.53 views

CVE-2018-20437

FEBS-Shiro (prior to 2018-11-05) is affected by a vulnerability in the fileDownload function of the CommonController. An attacker can trigger arbitrary file download via /common/download?filename=1.jsp&delete=false. Root cause: insecure file handling in the CommonController. Impact is described a...

7.5CVSS7.5AI score0.02435EPSS
Exploits1References3Affected Software1
0day.today
0day.today
added 2018/11/16 12:0 a.m.255 views

EverSync 0.5 - Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title: EverSync 0.5 - Arbitrary File Download Exploit Author: Ihsan Sencan Vendor Homepage: https://phpmassmail.sourceforge.io/ Software Link:...

Exploits0
Prion
Prion
added 2017/09/19 7:29 p.m.20 views

Directory traversal

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager aka RPRM before 8.4 allow 1 remote authenticated users to read arbitrary files via a .. dot dot in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary fil...

5.5CVSS6.9AI score0.04926EPSS
Exploits5References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/04/13 12:0 a.m.21 views

HP Intelligent Management Center SOM Module filePath Information Disclosure

The HP Intelligent Management Center IMC application running on the remote host is affected by an information disclosure vulnerability in the included IMC Service Operation Management SOM module, specifically within the FileDownload servlet, due to improper validation of user-supplied input to th...

7.8CVSS7.2AI score0.04804EPSS
Exploits0References3
CNVD
CNVD
added 2016/10/20 12:0 a.m.4 views

Wordpress filedownload plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. filedownload is one of the file download plugin. A security vulnerability exists in Wordpress filedownload plugin v1.4, which can be exploited by an attacker to execute malicious code on a...

6.1CVSS7.2AI score0.01371EPSS
Exploits1References1
CNVD
CNVD
added 2016/10/20 12:0 a.m.4 views

Wordpress filedownload plugin SQL injection vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. filedownload is one of the file download plugin. A SQL injection vulnerability exists in version v1.4 of the Wordpress filedownload plugin, which can be exploited by an attacker to execute...

9.8CVSS8.2AI score0.02646EPSS
Exploits1References1
CNVD
CNVD
added 2016/10/20 12:0 a.m.5 views

Wordpress filedownload plugin has unspecified vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. filedownload is one of the file download plugin. A security vulnerability exists in Wordpress filedownload plugin v1.4, which can be exploited by an attacker to execute malicious code on a...

8.2CVSS7.2AI score0.01832EPSS
Exploits1References1
NVD
NVD
added 2016/10/06 2:59 p.m.19 views

CVE-2015-1000004

XSS in filedownload v1.4 wordpress plugin...

6.1CVSS6AI score0.01371EPSS
Exploits1References2
NVD
NVD
added 2016/10/06 2:59 p.m.18 views

CVE-2015-1000003

Blind SQL Injection in filedownload v1.4 wordpress plugin...

9.8CVSS9.9AI score0.02646EPSS
Exploits1References2
Prion
Prion
added 2016/10/06 2:59 p.m.11 views

Open redirect

Open Proxy in filedownload v1.4 wordpress plugin...

5.8CVSS7.1AI score0.01832EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder