20 matches found
EUVD-2026-33061
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...
ai-goofish-monitor Security Vulnerability
ai-goofish-monitor is an AI-based multi-task real-time monitoring and web management tool developed by Usagi-org. There is a security vulnerability in ai-goofish-monitor. This vulnerability stems from the GET /api/prompts/filename endpoint in Windows deployments, which contains an unvalidated...
CVE-2025-40541
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...
CVE-2025-40541
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...
CVE-2025-40540
CVE-2025-40540 describes a type-confusion vulnerability in SolarWinds Serv-U that enables arbitrary native code execution with privileged account context when exploited. Affected software is Serv-U; the underlying issue is a type confusion in the product’s code path that can be triggered over the...
EUVD-2025-207545
A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...
CVE-2025-40538
A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...
PT-2026-21667
Name of the Vulnerable Software and Affected Versions: Serv-U versions prior to 15.5.4 Serv-U 15.5. Description: A broken access control issue exists in Serv-U, potentially allowing a malicious actor with administrative privileges to create a system administrator user and execute arbitrary code with...
EUVD-2010-5308
Malware in sbrugna...
CVE-2025-34194
Vasion Print (PrinterLogic) Virtual Appliance Host (pre-25.1.102) and Windows client deployments (pre-25.1.1413) are affected by an insecure temporary-file handling issue in the PrinterInstallerClient component. The software creates files as NT AUTHORITY\SYSTEM inside a user-controlled Temp path ...
CVE-2010-20112
Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including...
CVE-2010-20112
Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including...
CVE-2010-20112 Amlibweb NetOpacs webquery.dll Stack Buffer Overflow
Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including...
CVE-2010-20112
CVE-2010-20112 affects Amlib NetOpacs webquery.dll. The vulnerability is a stack-based buffer overflow triggered by improper handling of HTTP GET parameters, where bounds on the app parameter are not enforced, allowing data to overwrite memory structures including the SEH. Malformed parameter nam...
PT-2025-34287 · Undefined · Undefined
Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including...
CVE-2023-39026
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component...
CVE-2023-39026
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component...
Directory traversal
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component...
CVE-2023-39026
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component...
CVE-2023-39026
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component...