CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...

CVE-2024-33881

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter...

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS...

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS...

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS...

CVE-2024-34400

The CVE-2024-34400 entry concerns VirtoSoftware Virto Kanban Board Web Part for SharePoint 2019, affected by a cross-site scripting (XSS) vulnerability in the API endpoint /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx (LinkTitle2) prior to version 5.3.5.1. Root cause details are not ex...

CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...

CVE-2024-33879

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter...

CVE-2024-33881

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter...

CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...

VirtoSoftware Virto Bulk File Download Security Vulnerability

VirtoSoftware Virto Bulk File Download is a batch file download application from VirtoSoftware USA. A security vulnerability exists in VirtoSoftware Virto Bulk File Download version 5.5.44, which stems from an NTLMv2 hash leak in UNC shared pathnames in path parameters...

VirtoSoftware Virto Bulk File Download Security Vulnerability

VirtoSoftware Virto Bulk File Download is a batch file download application from VirtoSoftware USA. A security vulnerability exists in VirtoSoftware Virto Bulk File Download version 5.5.44, which originates from disclosing full pathnames...

CVE-2024-33881

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter...

CVE-2024-33879

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter...

CVE-2024-33879

VirtoSoftware Virto Bulk File Download for SharePoint 2019 (version 5.5.44) is affected. The vulnerability is in Virto.SharePoint.FileDownloader/Api/Download.ashx -> isCompleted method, which allows arbitrary file download and deletion via absolute path traversal in the path parameter. Public ...

CVE-2024-33880

Summary (CVE-2024-33880): An issue in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019 discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive. The CVE description consistently states path disclosure affecting confidentiality (C:L) with no im...

CVE-2024-33881

The CVE-2024-33881 affects VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The issue lies in the Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method, which allows an NTLMv2 hash leak via a UNC share pathname in the path parameter. Documents consistently describ...

CVE-2024-33879

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter...

CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...

CVE-2024-33881

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter...