Vulmon
allen disk project allen disk 1.6 vulnerabilities and exploits
CVE-2017-8832 (CVSSv3 6.1)
Allen Disk 1.6 has XSS in the id parameter to downfile.php.
Allen Disk Project Allen Disk 1.6

CVE-2017-8848 (CVSSv3 6.5)
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.
Allen Disk Project Allen Disk 1.6

CVE-2017-9307 (CVSSv3 6.5)
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.
Allen Disk Project Allen Disk 1.6

CVE-2017-9249 (CVSSv3 5.4)
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to...
Allen Disk Project Allen Disk 1.6

CVE-2017-9090 (CVSSv3 7.5)
reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha'].
Allen Disk Project Allen Disk 1.6

CVE-2017-9091 (CVSSv3 7.5)
/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha'].
Allen Disk Project Allen Disk 1.6