34 matches found
PT-2026-36018
Name of the Vulnerable Software and Affected Versions: Plack::Middleware::XSendfile versions prior to 1.0053. Description: Plack::Middleware::XSendfile allows the variation setting sendfile type to be controlled by the client via the X-Sendfile-Type header if it is not defined in the middleware...
EUVD-2021-24901
Malware in sbrugna...
EUVD-2011-0420
Malware in sbrugna...
Polska Akademia Dostępności CMS Code Issue Vulnerability
Polska Akademia Dostępności CMS is an accessible web content management system from Polska Akademia Dostępności, Poland. A code issue vulnerability exists in Polska Akademia Dostępności CMS that stems from a client control permission check parameter and could lead to remote code execution...
[SECURITY] Fedora 41 Update: kubernetes1.32-1.32.6-1.fc41
Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...
BIT-OPENFIRE-2020-35200
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS...
CVE-2022-32742
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
Design/Logic Flaw
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
CVE-2022-32742
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
April 25, 2022—KB5012637 (OS Build 20348.681) Preview
April 25, 2022—KB5012637 OS Build 20348.681 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find ou...
CVE-2021-38449
Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected product...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability
Ignite Realtime Openfire is a cross-platform open source Real-Time Collaboration (RTC) server developed by the Ignite Realtime community in Java and based on XMPP (formerly known as Jabber), an instant messaging protocol, which is capable of building efficient instant messaging servers and supporting te...
CVE-2018-19093
An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program...
[SECURITY] Fedora 28 Update: libssh-0.8.4-1.fc28
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
Ansible: Compromised remote hosts can lead to running commands on the Ansible controller
An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server...
Poet - A simple Post-Exploitation Tool
The client program runs on the target machine and is configured with an IP address (the server) to connect to and a frequency to connect at. If the server isn't running when the client tries to connect, the client quietly sleeps and tries again at the next interval. If the server is running however...
[SECURITY] Fedora 21 Update: libssh-0.6.4-1.fc21
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
[SECURITY] Fedora 19 Update: libssh-0.6.3-1.fc19
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
[SECURITY] Fedora 17 Update: libssh-0.5.3-1.fc17
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...