10 matches found
EUVD-2025-39026
Malicious code in jaja-sate93-riris npm...
FileMage Gateway 1.10.9 Local File Inclusion
Exploit Title: FileMage Gateway 1.10.9 - Local File Inclusion Date: 8/22/2023 Exploit Author: Bryce "Raindayzz" Harty Vendor Homepage: https://www.filemage.io/ Version: Azure Versions 1.10.9 Tested on: All Azure deployments 1.10.9 CVE : CVE-2023-39026 Technical Blog -...
FileMage Gateway 1.10.9 - Local File Inclusion
Exploit Title: FileMage Gateway 1.10.9 - Local File Inclusion Date: 8/22/2023 Exploit Author: Bryce "Raindayzz" Harty Vendor Homepage: https://www.filemage.io/ Version: Azure Versions 1.10.9 Tested on: All Azure deployments 1.10.9 CVE : CVE-2023-39026 Technical Blog -...
FileMage Gateway 1.10.9 - Local File Inclusion Exploit
Exploit Title: FileMage Gateway 1.10.9 - Local File Inclusion Exploit Author: Bryce "Raindayzz" Harty Vendor Homepage: https://www.filemage.io/ Version: Azure Versions 1.10.9 Tested on: All Azure deployments 1.10.9 CVE : CVE-2023-39026 Technical Blog -...
CVE-2023-39026
creationtimestamp | type | source
---|---|---
2023-08-23 02:12:01+00:00 | seen | https://t.me/cibsecurity/69043
2023-10-23 19:27:06+00:00 | published-proof-of-concept | Telegram/X8AxNFp0HQTngPQfgKr7iAFqHeL4fj8-bjEOb-q8Rk
2023-10-24 15:05:53+00:00 | published-proof-of-concept | https://t.me/CNArsenal/1351...
CVE-2023-39026
CVE-2023-39026 affects FileMage Gateway Windows Deployments v1.10.8 and earlier. The issue is a Directory Traversal in the /mgmt/ component that allows a remote attacker to obtain sensitive information. Public PoCs/exploits exist (PacketStorm and Exploit-DB references) demonstrating LFI-style acc...
CVE-2022-39026
CVE-2022-39026 concerns the U-Office and its U-Office Force UserDefault page, where insufficient filtering for special characters in HTTP header fields enables a remote attacker with general user privileges to inject JavaScript and perform a Stored XSS. Technical details across sources indicate t...
CVE-2022-39026 e-Excellence Inc. U-Office Force - Stored XSS
U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS Stored Cross-Site Scripting attack...
CVE-2021-39026
IBM Guardium Data Encryption GDE 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...
CVE-2021-39026
CVE-2021-39026 affects IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3, due to a failure to properly enable HTTP Strict Transport Security. This information disclosure vulnerability could let a remote attacker obtain sensitive data via man-in-the-middle techniques. IBM’s bulletin confirms ...