30 matches found
EUVD-2019-2626
Malware in sbrugna...
EUVD-2019-2627
Malware in sbrugna...
EUVD-2018-12789
Malware in sbrugna...
CVE-2025-10669
A vulnerability was detected in Airsonic-Advanced up to 10.6.0. This vulnerability affects unknown code of the component Playlist Upload Handler. Performing manipulation results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used...
CVE-2025-10669
A vulnerability was detected in Airsonic-Advanced up to 10.6.0. This vulnerability affects unknown code of the component Playlist Upload Handler. Performing manipulation results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used...
CVE-2025-10669 Airsonic-Advanced Playlist Upload unrestricted upload
A vulnerability was detected in Airsonic-Advanced up to 10.6.0. This vulnerability affects unknown code of the component Playlist Upload Handler. Performing manipulation results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used...
CVE-2025-10669 Airsonic-Advanced Playlist Upload unrestricted upload
A vulnerability was detected in Airsonic-Advanced up to 10.6.0. This vulnerability affects unknown code of the component Playlist Upload Handler. Performing manipulation results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used...
CVE-2025-10669
CVE-2025-10669 affects Airsonic-Advanced up to version 10.6.0 and is linked to the Playlist Upload Handler. The issue allows manipulation leading to unrestricted uploads, with remote initiation possible and public exploits available. Several sources (including PT-2025-38382) indicate a fix is to ...
PT-2025-38382
Name of the Vulnerable Software and Affected Versions Airsonic-Advanced versions prior to 10.6.1 Description A vulnerability exists in Airsonic-Advanced up to version 10.6.0 within the Playlist Upload Handler component. Manipulation of the component allows for unrestricted file uploads, and the...
Airsonic-Advanced 代码问题漏洞
Airsonic-Advanced is an open source music streaming server from Airsonic. A code issue vulnerability exists in Airsonic-Advanced version 10.6.0 and earlier, which stems from the Playlist Upload Handler component not limiting uploads, which could lead to remote attacks...
CVE-2019-10907
Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially bruteforce offline the passwords of associated users...
CVE-2019-10908
In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks...
Airsonic Trust Management Issues Vulnerabilities
Airsonic is a web-based streaming server. A security vulnerability exists in Airsonic version 10.2.1. An attacker can exploit the vulnerability to brute-force break passwords...
Airsonic Encryption Issues Vulnerabilities
Airsonic is a web-based streaming server. A security vulnerability exists in Airsonic version 10.2.1. An attacker can exploit the vulnerability to brute-force break passwords...
Airsonic XXE Vulnerability
Airsonic is a free and open source community-driven media server that provides access to music. Airsonic versions prior to 10.1.2 are vulnerable to an XXE XML External Entity Injection vulnerability during parsing. No detailed vulnerability details are provided at this time...
Privilege escalation
In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks...
CVE-2019-10907
Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially bruteforce offline the passwords of associated users...
Default credentials
Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially bruteforce offline the passwords of associated users...
CVE-2019-10908
In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks...
CVE-2019-10908
In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks...