Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8832 | 1 Allen Disk Project | 1 Allen Disk | 2020-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Allen Disk 1.6 has XSS in the id parameter to downfile.php. | |||||
| CVE-2017-8848 | 1 Allen Disk Project | 1 Allen Disk | 2020-03-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. | |||||
| CVE-2017-9249 | 1 Allen Disk Project | 1 Allen Disk | 2020-03-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php. | |||||
| CVE-2017-9307 | 1 Allen Disk Project | 1 Allen Disk | 2017-06-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | |||||