Published: 05/04/2011 Updated: 09/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

download.aspx in Douran Portal 3.9.7.8 allows remote malicious users to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
douran portal 3.9.7.8

# Title: [Douran Portal File Download/Source Code Disclosure Vulnerability] # Date of Publishing: [16 March 2010] # Application Name: [Douran Portal] # Version: [3978] # Impact: [Medium] # Vendor: wwwdourancom # Link: dourancom/HomePageaspx?TabID=4862 # Vendor Response(s): They didn't respond to the emails # Credit to: AJAX Security ...

CWE-200 http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/http://osvdb.org/71250 http://secunia.com/advisories/43792 http://www.exploit-db.com/exploits/17011 http://www.securityfocus.com/bid/46927 http://securityreason.com/securityalert/8180 https://exchange.xforce.ibmcloud.com/vulnerabilities/66177 http://www.securityfocus.com/archive/1/517085/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/17011/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-1569

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect