VYPR
Vendor

Allen Disk Project

Products: 1
CVEs: 6
Across products: 6
Status: Private

Recent CVEs (6)
  • CVE-2017-9091 | High | May 19, 2017
    risk 0.49, CVSS 7.5, EPSS 0.01

    /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha'].

  • CVE-2017-9090 | High | May 19, 2017
    risk 0.49, CVSS 7.5, EPSS 0.01

    reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha'].

  • CVE-2017-9307 | Medium | May 31, 2017
    risk 0.42, CVSS 6.5, EPSS 0.01

    SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.

  • CVE-2017-8848 | Medium | May 8, 2017
    risk 0.42, CVSS 6.5, EPSS 0.00

    Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.

  • CVE-2017-8832 | Medium | May 8, 2017
    risk 0.40, CVSS 6.1, EPSS 0.01

    Allen Disk 1.6 has XSS in the id parameter to downfile.php.

  • CVE-2017-9249 | Medium | May 28, 2017
    risk 0.35, CVSS 5.4, EPSS 0.01

    Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO…