29 matches found
EUVD-2017-15399
Malware in sbrugna...
EUVD-2020-11546
Malware in sbrugna...
EUVD-2019-9275
Malware in sbrugna...
EUVD-2024-50922
Malicious code in bioql PyPI...
CVE-2019-19665
A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html...
CVE-2024-12511
CVE-2024-12511 is a Xerox VersaLink pass-back vulnerability affecting VersaLink MFPs (C7020/7025/7030 series) up to firmware 57.69.91. An attacker with printer/admin access and configured SMB/FTP scan could alter the user address book to redirect SMB/FTP traffic to a rogue host, allowing capture ...
PT-2025-1875
Name of the Vulnerable Software and Affected Versions: HP affected versions not specified. Description: With access to the address book, an attacker could modify SMB/FTP settings, redirect scans, and possibly capture credentials. This requires enabled scan functions and printer access. Recommendatio...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2023-1798)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously...
[SECURITY] [DLA 3398-1] curl security update
Debian LTS Advisory DLA-3398-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany April 21, 2023 https://wiki.debian.org/LTS Package : curl Version : 7.64.0-4+deb10u6 CVE ID : CVE-2023-27533 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 Several security vulnerabilitie...
OESA-2023-1194 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However,...
CVE-2023-27535
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
CVE-2023-27535
A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic...
WP Database Backup < 5.9 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). Put the following payload in any of the Destination FTP Settings: "...
WP Database Backup < 5.9 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Put the following payload in any of the Destination FTP Settings...
INSMA Wifi Mini Spy 1080P HD Security IP Camera Cross-Site Scripting Vulnerability
INSMA Wifi Mini Spy 1080P HD Security IP Camera is a camera from INSMA USA. A cross-site scripting vulnerability exists in INSMA Wifi Mini Spy 1080P HD Security IP Camera version 1.9.7 B. The vulnerability originates from entering the "goform/formSetFtpCfg" settings page via all fields of the FTP...
CVE-2020-19643
Cross Site Scripting XSS vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page...
Cross site scripting
Cross Site Scripting XSS vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page...
CVE-2020-19643
CVE-2020-19643 affects the INSMA Wifi Mini Spy 1080P HD Security IP Camera (firmware version 1.9.7 B). The issue is a Cross-Site Scripting (XSS) vulnerability that originates from inputs in the FTP settings page, exploitable through the goform/formSetFtpCfg endpoint. The CVSS data indicates a net...
CVE-2020-19643
Cross Site Scripting XSS vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page...
INSMA Wifi Mini Spy 1080P HD Security IP Camera Cross-Site Scripting Vulnerability
INSMA Wifi Mini Spy 1080P HD Security IP Camera is a camera from INSMA USA. A cross-site scripting vulnerability exists in INSMA Wifi Mini Spy 1080P HD Security IP Camera version 1.9.7 B. The vulnerability originates from entering the "goform/formSetFtpCfg" settings page via all fields of the FTP...