
CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command.

• https://douran.com/en-US/Dourtal/4797/page/DSGate
• https://douran.com/fa-IR/Dourtal/4797/page/DSGate
• https://gist.github.com/RNPG/53b579da330ba896aa8dc2d901e5e400

CVSS: 5.0 • EPSS: 1% • CPEs: 1 • EXPL: 3

download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.

• https://www.exploit-db.com/exploits/17011
• http://osvdb.org/71250
• http://secunia.com/advisories/43792
• http://securityreason.com/securityalert/8180
• http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0
• http://www.exploit-db.com/exploits/17011
• http://www.securityfocus.com/archive/1/517085/100/0/threaded
• http://www.securityfocus.com/bid/46927
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66177
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

• http://osvdb.org/33845
• http://secunia.com/advisories/24304
• https://exchange.xforce.ibmcloud.com/vulnerabilities/32800

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

• http://www.osvdb.org/27918
• http://www.securityfocus.com/bid/16302