Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
filedownload vulnerabilities and exploits
(subscribe to this query)
8.2
CVSSv3
CVE-2015-1000002
Open Proxy in filedownload v1.4 wordpress plugin
Filedownload Project Filedownload 1.4
9.8
CVSSv3
CVE-2015-1000003
Blind SQL Injection in filedownload v1.4 wordpress plugin
Filedownload Project Filedownload 1.4
6.1
CVSSv3
CVE-2015-1000004
XSS in filedownload v1.4 wordpress plugin
Filedownload Project Filedownload 1.4
NA
CVE-2007-0659
download.php in the MuddyDogPaws FileDownload snippet prior to 2.5 for MODx allows remote malicious users to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.
Modxcms Filedownload 2.0
Modxcms Filedownload 1.7
NA
CVE-2024-33118
LuckyFrameWeb v3.5.2 exists to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController.
NA
CVE-2024-35081
LuckyFrameWeb v3.5.2 exists to contain an arbitrary file deletion vulnerability via the fileName parameter in the fileDownload method.
7.5
CVSSv3
CVE-2015-9250
An issue exists in Skybox Platform prior to 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter.
Skyboxsecurity Skybox Platform
5.3
CVSSv3
CVE-2021-30048
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows malicious users to read arbitrary files via the filePath parameter.
Novel Boutique House-plus Project Novel Boutique House-plus 3.5.1
9.8
CVSSv3
CVE-2024-24024
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
NA
CVE-2011-5028
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and previous versions, as used in Novell Sentinel prior to 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter...
Novell Sentinel Log Manager
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »