18 matches found
EUVD-2025-208763
An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components index.js and composeUrlImgPhotoIndividu allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to...
EUVD-2006-4647
Malware in sbrugna...
EUVD-2018-7379
Malware in sbrugna...
CVE-2025-48869
Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...
CVE-2025-48869 Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control
Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...
Direct Request ('Forced Browsing')
Overview: nitsan/ns-backup is an extension for TYPO3 that lets you save your code, files, and database with just a few clicks. Install Backup Plus and connect it to your cloud storage like Google Drive, Dropbox, Amazon S3, SFTP, Rsync, etc. Affected versions of this package are vulnerable to Dire...
CVE-2024-42213
HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files through indexing, or retrieve them via predictable URLs or misconfigured permissions, leading to information disclosure...
CVE-2024-42213
CVE-2024-42213 affects HCL BigFix Compliance. The issue is the inclusion of temporary files left in production, which could be exposed via indexing, predictable URLs, or misconfigured permissions, causing information disclosure. CVSSv3.1 base score is 5.3 (Medium); attack vector: network; impact ...
XWiki Platform Security Vulnerability
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating Web collaboration applications. A security vulnerability exists in the XWiki Platform that stems from the ability to schedule/trigger/unschedule an existing job by giving administrators access to the job scheduler page...
GO SMS Pro Android App Exposes Private Photos, Videos and Messages
A security weakness discovered in the GO SMS Pro Android app can be exploited to publicly expose media sent using the app, according to researchers. The GO SMS Pro application is a popular messenger app with more than 100 million downloads from the Google Play store. Researchers at Trustwave...
Lone Wolf loadingDOCS Insecure Permissions
EZMAX SECURITY ADVISORY https://www.ezmax.ca/ Product: Loading Docs Vendor: Lone Wolf Technologies http://www.lwolf.com CVE ID: CVE-2018-15502 NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-15502 Subject: Insecure permissions allow remote attackers to download any confidential files via http...
CVE-2018-15502
Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs...
Code injection
Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs...
CVE-2018-15502
The CVE-2018-15502 entry concerns Lone Wolf Technologies loadingDOCS. An insecure permissions flaw in the 2018-08-13 version allows remote attackers to download confidential files by issuing HTTPS requests to predictable URLs. The root cause is inadequate access controls on resources, enabling un...
CVE-2018-15502
Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs...
QNAP Systems Signage Station Script Execution Vulnerability
QNAP Systems Signage Station is a suite of ad creation applications for QNAP NAS. A security vulnerability in QNAP Systems Signage Station allows a remote attacker to upload malicious files using predictable URLs and execute scripts in the files with administrator privileges...
CVE-2006-4659
Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 use predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this...
CVE-2006-4659
The CVE-2006-4659 entry concerns Panda Platinum Internet Security 2006 (10.02.01) and 2007 (11.00.00), where predictable URLs used for per-message spam classification can be triggered by a malicious web page containing IMG tags to have Panda classify arbitrary messages as spam. This is a potentia...