2 matches found
GateOne Arbitrary File Download Vulnerability
GateOne is a terminal emulator and SSH client based on HTML5 implementation. GateOne 1.1 suffers from an arbitrary file download vulnerability. An attacker can download arbitrary files via /downloads/... Directory traversal can be exploited to download arbitrary files...
CVE-2020-35736
GateOne 1.1 has a Local File Inclusion vulnerability: arbitrary file retrieval without authentication via /downloads/.. due to incorrect os.path.join usage. The issue enables directory traversal to read sensitive files. Confirmed in the Nuclei template and corroborated by multiple feeds; CVE-2020...