JLSEC-2026-217 OpenSSL has internal defaults for a directory tree where it can find a configuration file as well...

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versio...

EUVD-2019-10106

Malware in sbrugna...

EUVD-2024-32279

Malicious code in bioql PyPI...

PT-2024-27237 · Espeto · Opengnsys

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: A SQL Injection issue has been discovered, allowing an attacker to inject malicious SQL code into the login page. This could enable the attacker to bypass the login or retrieve all the information...

PT-2024-41392 · Undefined · Undefined

🚨 CVE-2024-3704 SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d Espeto. This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database. 🎖@cveNotify...

CVE-2024-3707

Information exposure vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file...

CVE-2024-3706

Information exposure vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to view a php backup file controlaccess.php-LAST where database credentials are stored...

CVE-2024-3704

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d Espeto. This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database...

CVE-2024-3705

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/MIcons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell...

CVE-2024-3704

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d Espeto. This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database...

CVE-2024-3707 Exposure of Information Through Directory Listing vulnerability in OpenGnsys

Information exposure vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file...

CVE-2024-3707

OpenGnsys version 1.1.1d (Espeto) is affected by CVE-2024-3707, an information exposure vulnerability in the web interface that allows an attacker to enumerate all files in the web tree by accessing a PHP file. The issue is described as a directory-listing / information disclosure flaw in OpenGns...

CVE-2024-3706

OpenGnsys, version 1.1.1d (Espeto), contains an information exposure vulnerability where an attacker can view the php backup file controlaccess.php-LAST, which stores database credentials. The issue is documented across multiple sources (NVD/CVE records) as a vulnerability with network-based acce...

CVE-2024-3704 SQL Injection vulnerability in OpenGnsys

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d Espeto. This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database...

CVE-2024-3704

OpenGnsys

PT-2024-27284 · Opengnsys · Opengnsys

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to enumerate all files in the web tree by accessing a php file. This is an information exposure vulnerability. Recommendations: For OpenGnsys version 1.1.1d Espeto,...

PT-2024-27255 · Espeto · Opengnsys

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: A SQL Injection issue has been discovered, allowing an attacker to inject malicious SQL code into the login page. This could enable the attacker to bypass the login or retrieve all the information...

SUSE CVE-2019-1549

OpenSSL 1.1.1 introduced a rewritten random number generator RNG. This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...

Debian DSA-4807-1 : openssl - security update

David Benjamin discovered a flaw in the GENERALNAMEcmp function which could cause a NULL dereference, resulting in denial of service. Additional details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20201208.txt C Tenable Network Security, Inc. The descriptive text an...

openssl: information disclosure in fork()

OpenSSL 1.1.1 introduced a rewritten random number generator RNG. This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...