Kiteworks Mft 代码问题漏洞

Kiteworks Mft is a software for securely managing internal and external data transfers from Kiteworks USA. A code issue vulnerability exists in Kiteworks Mft versions prior to 9.1.0 that stems from an improper session timeout mechanism that could cause a session to remain active...

Kiteworks Mft 安全漏洞

Kiteworks Mft is a software for securely managing internal and external data transfers from Kiteworks USA. A security vulnerability exists in Kiteworks Mft versions prior to 9.1.0 that stems from improperly defined roles and permissions, which could lead to elevated privileges...

EUVD-2016-6607

Malware in sbrugna...

EUVD-2021-18480

Malware in sbrugna...

EUVD-2016-6606

Malware in sbrugna...

EUVD-2016-6608

Malware in sbrugna...

EUVD-2021-18479

Malware in sbrugna...

EUVD-2017-18356

Malware in sbrugna...

EUVD-2023-59662

Malicious code in bioql PyPI...

EUVD-2024-25230

Malicious code in bioql PyPI...

EUVD-2022-29022

Malicious code in bioql PyPI...

EUVD-2024-25231

Malicious code in bioql PyPI...

CVE-2022-24110

Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later...

CVE-2024-28063

Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS...

CVE-2024-28064

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations with displayLoginChunkedImages and write operations with storeLoginChunkedImages...

CVE-2023-7273

Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing...

CVE-2023-7273 Cross Site Request Forgery in Kiteworks OwnCloud

Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing...

CVE-2023-7273 Cross Site Request Forgery in Kiteworks OwnCloud

Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing...

CVE-2023-7273

The CVE-2023-7273 entry concerns Kiteworks OwnCloud and is supported by multiple sources indicating a Cross-Site Request Forgery (CSRF) vulnerability. Affected component/condition: CSRF in Kiteworks OwnCloud where, if a request has no Authorization header, the rewrite rule assigns an empty string...

PT-2024-15265 · Kiteworks · Kiteworks Owncloud

Name of the Vulnerable Software and Affected Versions: Kiteworks OwnCloud affected versions not specified Description: Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty strin...