25 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-2668

Malware in sbrugna...

CVSS 2.1 | AI score 4.4 | EPSS 0.00093
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-38836

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.7 | EPSS 0.00037
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-32491

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 8.1 | EPSS 0.35282
Exploits: 0 | References: 5

Positive Technologies
added 2025/10/02 12:0 a.m. | 3 views

PT-2025-40429

Name of the Vulnerable Software and Affected Versions: Traccar versions 5.8 through 6.0; Traccar versions 6.1 through 6.8.1. Description: Traccar, an open source GPS tracking system, has a flaw that allows for unauthenticated local file inclusion attacks. This can result in the disclosure of password...

CVSS 8.7 | AI score 8.9 | EPSS 0.01364
Exploits: 0 | References: 10

RedhatCVE
added 2025/05/23 9:47 a.m. | 4 views

CVE-2024-21703

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...

CVSS 6.4 | AI score 6.2 | EPSS 0.00046
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 1:6 a.m. | 3 views

CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...

CVSS 9.8 | AI score 7.4 | EPSS 0.35282
Exploits: 0 | References: 1

Tenable Nessus
added 2025/01/15 12:0 a.m. | 4 views

Atlassian Confluence < 7.19.18 / 8.5.x < 8.5.5 / 8.7.x < 8.7.2 / 8.8.0 (CONFSERVER-98413)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98413 advisory: - Affected versions of Atlassian Confluence Data Center in Windows installations contain a security misconfiguration in which the confluence.cfg.xml...

AI score 5.6
Exploits: 0 | References: 1

NVD
added 2024/07/04 4:15 p.m. | 12 views

CVE-2024-39930

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated...

CVSS 9.9 | EPSS 0.11879
Exploits: 3 | References: 3

Cvelist
added 2024/07/04 12:0 a.m. | 15 views

CVE-2024-39930

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated...

CVSS 9.9 | EPSS 0.11879
Exploits: 3 | References: 3

Vulnrichment
added 2024/07/04 12:0 a.m. | 15 views

CVE-2024-39930

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated...

CVSS 9.9 | AI score 8.1 | EPSS 0.11879
Exploits: 3 | References: 3

CVE
added 2024/07/04 12:0 a.m. | 102 views

CVE-2024-39930

CVE-2024-39930 affects the built-in SSH server in Gogs up to version 0.13.0, where argument injection in internal/ssh/ssh.go can lead to remote code execution when an authenticated user opens an SSH session and sends a malicious --split-string env request (Windows builds are unaffected). Public d...

CVSS 9.9 | AI score 8.1 | EPSS 0.11879
Exploits: 3 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/07/28 11:31 a.m. | 7 views

CVE-2023-2685 Unquoted Service Path in ABB AO-OPC

A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started...

CVSS 7.2 | AI score 6.7 | EPSS 0.00047
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 5:38 a.m. | 1 view

SUSE CVE-2013-2231

Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing...

CVSS 7.2 | AI score 8.2 | EPSS 0.00166
Exploits: 0 | References: 3

NVD
added 2022/09/07 11:15 p.m. | 10 views

CVE-2022-36088

GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or...

CVSS 5.5 | EPSS 0.00037
Exploits: 0 | References: 4

Vulnrichment
added 2022/09/07 10:55 p.m. | 7 views

CVE-2022-36088 GoCD Windows installations outside default location inadequately restrict installation file permissions

GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or...

CVSS 5 | AI score 5.2 | EPSS 0.00037
Exploits: 0 | References: 4

Cvelist
added 2022/09/07 10:55 p.m. | 16 views

CVE-2022-36088 GoCD Windows installations outside default location inadequately restrict installation file permissions

GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or...

CVSS 5 | AI score 5.4 | EPSS 0.00037
Exploits: 0 | References: 4

Github Security Blog
added 2022/06/02 8:50 p.m. | 35 views

OS Command Injection in gogs

Impact: The malicious user is able to upload a crafted config file into repository's .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled default are affected. Patches: Repository file uploads are prohibited to its .git directory. Users shou...

CVSS 10 | AI score 0.1 | EPSS 0.12771
Exploits: 1 | References: 9 | Affected Software: 1

GitLab Advisory Database
added 2022/06/02 12:0 a.m. | 18 views

OS Command Injection in gogs

Impact: The malicious user is able to upload a crafted config file into repository's .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled default are affected. Patches: Repository file uploads are prohibited to its .git directory. Users shou...

AI score 0.1 | EPSS 0.12771
Exploits: 1 | References: 7 | Affected Software: 1

NVD
added 2022/05/06 3:15 p.m. | 14 views

CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...

CVSS 9.8 | EPSS 0.35282
Exploits: 0 | References: 4

Prion
added 2022/05/06 3:15 p.m. | 13 views

Directory traversal

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...

CVSS 5 | AI score 8.3 | EPSS 0.35282
Exploits: 0 | References: 4 | Affected Software: 1