CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...

CVE-2024-33881

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter...

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS...

CVE-2024-34400

The CVE-2024-34400 entry concerns VirtoSoftware Virto Kanban Board Web Part for SharePoint 2019, affected by a cross-site scripting (XSS) vulnerability in the API endpoint /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx (LinkTitle2) prior to version 5.3.5.1. Root cause details are not ex...

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS...

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS...

CVE-2024-33879

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter...

CVE-2024-33881

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter...

CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...

CVE-2024-33880

Summary (CVE-2024-33880): An issue in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019 discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive. The CVE description consistently states path disclosure affecting confidentiality (C:L) with no im...

VirtoSoftware Virto Bulk File Download Security Vulnerability

VirtoSoftware Virto Bulk File Download is a batch file download application from VirtoSoftware USA. A security vulnerability exists in VirtoSoftware Virto Bulk File Download version 5.5.44, which stems from an NTLMv2 hash leak in UNC shared pathnames in path parameters...

CVE-2024-33879

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter...

CVE-2024-33881

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter...

CVE-2024-33881

The CVE-2024-33881 affects VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The issue lies in the Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method, which allows an NTLMv2 hash leak via a UNC share pathname in the path parameter. Documents consistently describ...

CVE-2024-33879

VirtoSoftware Virto Bulk File Download for SharePoint 2019 (version 5.5.44) is affected. The vulnerability is in Virto.SharePoint.FileDownloader/Api/Download.ashx -> isCompleted method, which allows arbitrary file download and deletion via absolute path traversal in the path parameter. Public ...

CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...

VirtoSoftware Virto Bulk File Download Security Vulnerability

VirtoSoftware Virto Bulk File Download is a batch file download application from VirtoSoftware USA. A security vulnerability exists in VirtoSoftware Virto Bulk File Download version 5.5.44, which originates from disclosing full pathnames...

CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...

CVE-2024-33879

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter...

CVE-2024-33881

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter...