52 matches found
EUVD-2005-3698
Malware in sbrugna...
EUVD-2025-1998
Malicious code in bioql PyPI...
CVE-2019-1003074
Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2025-1086
A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to th...
CVE-2025-1086
The CVE-2025-1086 entry concerns Safetytest Cloud-Master Server (up to version 1.1.1). The issue is a path traversal in files under /static/ exploitable via remote access (../filedir). Public exploit/info has circulated; vendor response is not documented. Affected component/impact details beyond ...
CVE-2025-1086 Safetytest Cloud-Master Server static path traversal
A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to th...
Safetytest Cloud-Master Server Security Vulnerability
Safetytest Cloud-Master Server is a cloud server from Safetytest, Inc. A security vulnerability exists in Safetytest Cloud-Master Server version 1.1.1 and earlier, which originates from the file /static/ that causes path traversal...
Element Security Vulnerability
Element is a Matrix web collaboration client from Element Open Source. A security vulnerability exists in Element versions prior to 1.11.85, which originates from a malicious master server that sends invalid messages...
matrix-js-sdk Information Disclosure Vulnerability
matrix-js-sdk is an application component of Matrix open source. An information disclosure vulnerability exists in matrix-js-sdk, which stems from the MatrixClient.sendSharedHistoryKeys function being susceptible to interception by a malicious master server...
SaltStack Salt Master Server Root Key Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master Server Root Key Disclosure', 'Description' = %q This module exploits unauthenticated access to the prepauthinfo method in t...
Unable to Connect to High Availability Enabled XenServer Pool and All Servers in Pool are in Emergency Mode
This article provides resolution to connectivity issues to the pool in XenCenter. Following are some of the issues that you might experience: Cannot connect to the pool in XenCenter Cannot start or migrate the virtual machines, although the virtual machines are active and running. All the servers...
Puppet Server Security Vulnerability
Puppet Server is software from Puppet Labs in the United States that is used to push configurations from a master server to other servers. A security vulnerability exists in Puppet Server that stems from the presence of a denial of service (DoS) vulnerability...
Matrix Synapse Information Disclosure Vulnerability
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A security vulnerability exists in Matrix Synapse that stems from the Synapse master server answering authorization event queries not adequately checking whether the requesting server should be able ...
Matrix Synapse Input Validation Error Vulnerability
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A security vulnerability exists in Matrix Synapse that originates from the fact that a malicious user on Synapse master server X who is authorized to create certain state events can disable outbound...
SUSE CVE-2009-0696
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section o...
SUSE CVE-2019-10352
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...
Matrix Security Vulnerability
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in versions of Matrix matrix-android-sdk2 prior to 1.5.1, which stems from the fact that its matrix-android-sdk2 implements an overly lax key-forwarding policy on the receiving end...
Matrix Security Vulnerability
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability in Matrix matrix-android-sdk2 versions prior to 1.5.1 stems from a problem with its protocol obfuscation leading to an attacker working with a malicious master server being able to constru...
Dendrite Data Forgery Vulnerability
Dendrite is a second-generation Matrix home server written in Go and open-sourced by the Matrix Foundation. Dendrite 0.9.7 and prior versions are vulnerable to a data forgery issue that stems from events retrieved from a remote master server using the "/getmissingevents" path without properly...