3 matches found
CVE-2024-33880
Summary (CVE-2024-33880): An issue in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019 discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive. The CVE description consistently states path disclosure affecting confidentiality (C:L) with no im...
CVE-2024-33881
The CVE-2024-33881 affects VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The issue lies in the Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method, which allows an NTLMv2 hash leak via a UNC share pathname in the path parameter. Documents consistently describ...
CVE-2024-33879
VirtoSoftware Virto Bulk File Download for SharePoint 2019 (version 5.5.44) is affected. The vulnerability is in Virto.SharePoint.FileDownloader/Api/Download.ashx -> isCompleted method, which allows arbitrary file download and deletion via absolute path traversal in the path parameter. Public ...