970 matches found
CVE-2014-5350
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 ...
CVE-2007-5775
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigne...
Fake Crypto Exchange Ads on Facebook Spread Malware
Bitdefender exposes Facebook ad scams using fake crypto sites and celebrity lures to spread malware via malicious desktop…
CVE-2025-2245
A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...
CVE-2025-2243
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue...
CVE-2025-2244
A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses PHP unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write,...
CVE-2025-2245 Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)
A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...
CVE-2025-2243
Bitdefender GravityZone Console (GravityZone Console) is affected by CVE-2025-2243, an SSRF vulnerability where an attacker may bypass input validation by using leading characters in DNS requests. The issue affects GravityZone Console versions before 6.41.2.1. Root cause: flawed input validation ...
CVE-2025-2244 Insecure PHP deserialization issue in GravityZone Console (VA-12634)
A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses PHP unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write,...
CVE-2025-2244
CVE-2025-2244 affects Bitdefender GravityZone Console, via the vulnerable sendMailFromRemoteSource method in Emails.php that unserializes user input without validation. This enables PHP object injection, leading to a file write and arbitrary command execution on the host, per multiple sources. In...
Bitdefender GravityZone Update Server Code Issue Vulnerability
Bitdefender GravityZone Update Server is a solution for managing and distributing update files on the Bitdefender GravityZone administrator console from Bitdefender Romania. A code issue vulnerability exists in Bitdefender GravityZone Update Server versions prior to 3.5.2.689, which is rooted in...
Bitdefender GravityZone Console Code Issue Vulnerability
Bitdefender GravityZone Console is a centralized cybersecurity management platform from Bitdefender Romania, designed to provide organizations with full visibility and control over their security infrastructure. A code issue vulnerability exists in Bitdefender GravityZone Console versions prior t...
PT-2025-14875 · Bitdefender · Bitdefender Gravityzone Update Server
Name of the Vulnerable Software and Affected Versions: Bitdefender GravityZone Update Server (affected versions not specified)
Description: A server-side request forgery (SSRF) issue exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 707...
A vulnerability in the HTTP protocol implementation of Bitdefender BOX 1 devices allows an attacker to carry out a man-in-the-middle attack.
The vulnerability in the HTTP protocol implementation of Bitdefender BOX 1 devices (used for device protection) involves the transmission of credentials in unencrypted form. Exploiting this vulnerability allows a remote attacker to carry out a man-in-the-middle attack...
A vulnerability in the Bitdefender BOX 1 device for protecting appliances and gadgets stems from a lack of data sanitization at the control level. This allows an attacker to execute arbitrary commands.
The vulnerability in the Bitdefender BOX 1 device for protecting appliances and gadgets is related to a lack of data sanitization at the control level when processing the endpoint /checkimageandtriggerrecovery. Exploiting this vulnerability allows a remote attacker t...