34 matches found
CVE-2024-41665
Ampache, a web-based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. This vulnerability exists in the "Playlists - Democratic - Configure Democratic Playlist" feature. An attacker with Content Manager permissions...
EUVD-2007-4421
Malware in sbrugna...
EUVD-2006-5653
Malware in sbrugna...
EUVD-2024-45362
Malicious code in bioql PyPI...
EUVD-2024-45363
Malicious code in bioql PyPI...
EUVD-2022-51989
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-4665
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6. CVE-2022-4665 Note that Nessus relies on the presence of th...
Linux Distros Unpatched Vulnerability : CVE-2023-0606
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7. CVE-2023-0606 Note that Nessus relies on the presence of the package a...
Linux Distros Unpatched Vulnerability : CVE-2017-18375
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php. CVE-2017-18375 Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2024-28853
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache is a web-based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in Ampache before v6.3.1 allows a remot...
Linux Distros Unpatched Vulnerability : CVE-2023-0771
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL Injection in GitHub repository ampache/ampache prior to 5.5.7, develop. CVE-2023-0771 Note that Nessus relies on the presence of the package as reported by t...
Linux Distros Unpatched Vulnerability : CVE-2024-47828
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache is a web-based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects Playlist, smartlist etc...
Linux Distros Unpatched Vulnerability : CVE-2024-51144
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=addmessage', pvmsg.php?action=confirmdelete, and...
Linux Distros Unpatched Vulnerability : CVE-2024-28852
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache is a web-based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities, this means that all forms in the...
Linux Distros Unpatched Vulnerability : CVE-2020-15153
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaroun...
Linux Distros Unpatched Vulnerability : CVE-2024-51488
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache is a web-based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens...
CVE-2024-51485
Ampache is a web-based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change...
CVE-2024-51487
Ampache is a web-based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change...
CVE-2024-51484
Ampache is a web-based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to...
CVE-2024-51486
Ampache is a web-based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScrip...