43 matches found
CVE-2026-37266
An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the forcedownload.php component...
CVE-2026-37266
CVE-2026-37266: The issue affects Responsive File Manager’s Web application (Version 9.14.0). A vulnerability in the force_download.php component allows a remote attacker to execute arbitrary code. The publicly documented impact is significant (base CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H...
PT-2026-44370
An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the force download.php component...
Responsive FileManager Security Vulnerability
Responsive FileManager is a free, open-source file manager developed by Alberto Peripolli. Version 9.14.0 of Responsive FileManager contains a security vulnerability. This vulnerability stems from issues with the forcedownload.php component, which could allow remote attackers to execute arbitrary...
PT-2026-42698
Summary: When an application using Pydantic AI opts a URL into force_download='allow-local', which disables the default block on private/internal IPs, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form (IPv4-mapped IPv6, 6to4, or NAT64). Dual-stack a...
EUVD-2007-5703
Malware in sbrugna...
CVE-2022-39023
U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file...
CVE-2022-39022
U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file...
Path traversal
U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file...
CVE-2022-39023
CVE-2022-39023 concerns U-Office’s Force Download function, where a path traversal vulnerability allows a remote user with general privileges to download arbitrary system files. The NVD description states the vulnerability arises in the download mechanism and can be exploited without user interac...
CVE-2022-39022
CVE-2022-39022 concerns the U-Office Force Download function, which has a path traversal vulnerability. A remote attacker with general user privileges can exploit this to download arbitrary system files. Public references (NVD/TWCERT) cite a CVSS v3.1 base score of 6.5 (MEDIUM) with NETWORK attac...
PT-2022-24678 · U-Office · U-Office
Name of the Vulnerable Software and Affected Versions: U-Office (affected versions not specified). Description: The U-Office Force Download function contains a path traversal issue. This allows a remote attacker with general user privileges to exploit the issue and download arbitrary system files...
PT-2022-24679 · U-Office · U-Office
Name of the Vulnerable Software and Affected Versions: U-Office (affected versions not specified). Description: The U-Office Force Download function contains a path traversal issue. This allows a remote attacker with general user privileges to exploit the issue and download arbitrary system files...
[Bypass] Cross-site Scripting (XSS) via file upload
🔒️ Requirements Privileges: User. 📝 Description I found a bypass to this report by uploading the file with the "public": true parameter. This is due to the fact that AWS bucket public folder does not auto download files when we access them. 🕵️‍♂️ Proof of Concept Step 1: Go to your outline home and...
CVE-2021-43856
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser e.g...