72 matches found
CVE-2026-41231
Froxlor prior to 2.3.6 has an incomplete symlink validation in DataDump.add() that uses user-supplied input to build the export path without passing fixed_homedir to FileDir::makeCorrectDir(), bypassing the symlink checks added elsewhere. When ExportCron runs as root, it performs chown -R on the ...
CVE-2026-41231 Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron
Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other...
Froxlor Link Following Vulnerability
Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor prior to 2.3.6 had a link following vulnerability. This vulnerability stemmed from the DataDump.add function not passing the $fixedhomedir parameter when constructing the export...
openSUSE 16 Security Update : php8 (openSUSE-SU-2026:20113-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20113-1 advisory. Version update to 8.4.16: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when...
SUSE-SU-2025:3809-1 Security update for rabbitmq-server
This update for rabbitmq-server fixes the following issues: - CVE-2025-50200: prevented logging of Basic Auth header from HTTP requests bsc1245105 - fixed a bad logrotate configuration that allowed escalation from rabbitmq to root, /var/log/rabbitmq ownership is now 750 bsc1246091...
EUVD-2019-13324
Malware in sbrugna...
EUVD-2009-1596
Malware in sbrugna...
EUVD-2009-2892
Malware in sbrugna...
EUVD-2011-1028
Malware in sbrugna...
EUVD-2017-0321
Malware in sbrugna...
EUVD-2020-5372
Malware in sbrugna...
EUVD-2025-25306
Malicious code in bioql PyPI...
JetBrains TeamCity Elevation of Privilege Vulnerability
JetBrains TeamCity is a Continuous Integration CI/CD tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from an elevation of privilege vulnerability that stems from incorrect directory ownership, and no details of the...
CVE-2025-57732
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership...
CVE-2025-57732
CVE-2025-57732 affects JetBrains TeamCity prior to version 2025.07.1. The root cause is incorrect directory ownership that enables local privilege escalation. Impact is described as high in multiple sources; exploitation is local with no user interaction required. Remediation: upgrade to 2025.07....