28 matches found
EUVD-2013-5871
Malware in sbrugna...
EUVD-2013-5873
Malware in sbrugna...
EUVD-2013-5872
Malware in sbrugna...
EUVD-2024-22022
Malicious code in bioql PyPI...
EUVD-2024-22023
Malicious code in bioql PyPI...
CVE-2024-24621
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user...
CVE-2024-24623
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system...
CVE-2024-24622
Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system...
CVE-2024-24621
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user...
CVE-2024-24623
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system...
CVE-2024-24621
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user...
CVE-2024-24623
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system...
CVE-2024-24622
CVE-2024-24622 affects Softaculous Webuzo. The vulnerability is a command injection in the password reset functionality that enables a remote, authenticated attacker to achieve code execution on the system. The provided connected documents confirm the impact but do not include concrete patch vers...
CVE-2024-24623 Softaculous Webuzo FTP Management Command Injection
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system...
CVE-2024-24621
CVE-2024-24621 affects Softaculous Webuzo, describing an authentication bypass through the password-reset flow. The connected documents consistently state that remote, anonymous attackers can exploit this vulnerability to gain full server access as root. The exploitation details are provided (rem...
CVE-2024-24621 Softaculous Webuzo Authentication Bypass
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user...
PT-2024-20481 · Softaculous · Softaculous Webuzo
Name of the Vulnerable Software and Affected Versions: Softaculous Webuzo affected versions not specified Description: The issue allows remote, anonymous attackers to exploit an authentication bypass vulnerability through the password reset functionality, potentially gaining full server access as...
PT-2024-20483 · Softaculous · Softaculous Webuzo
Name of the Vulnerable Software and Affected Versions: Softaculous Webuzo affected versions not specified Description: The issue is related to a command injection vulnerability in the FTP management functionality. This allows a remote, authenticated attacker to exploit the vulnerability and gain...
CVE-2013-6043
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests...
Authentication flaw
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests...