282 matches found
PT-2025-48357
Name of the Vulnerable Software and Affected Versions Kiteworks MFT versions prior to 9.1.0 Description Kiteworks MFT orchestrates end-to-end file transfer workflows. A flaw exists where a user’s active session may not properly time out due to inactivity under certain circumstances. This issue wa...
PT-2025-48358
Name of the Vulnerable Software and Affected Versions Kiteworks MFT versions prior to 9.1.0 Description Kiteworks MFT orchestrates end-to-end file transfer workflows. Versions of the software prior to 9.1.0 contain a flaw that could allow an external attacker to access log information from the...
EUVD-2016-6606
Malware in sbrugna...
EUVD-2016-6607
Malware in sbrugna...
EUVD-2021-18480
Malware in sbrugna...
EUVD-2021-18479
Malware in sbrugna...
EUVD-2017-18356
Malware in sbrugna...
EUVD-2016-6608
Malware in sbrugna...
EUVD-2024-25230
Malicious code in bioql PyPI...
EUVD-2022-29022
Malicious code in bioql PyPI...
EUVD-2024-25231
Malicious code in bioql PyPI...
EUVD-2023-59662
Malicious code in bioql PyPI...
CVE-2022-24110
Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later...
CVE-2024-28063
Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS...
CVE-2024-28064
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations with displayLoginChunkedImages and write operations with storeLoginChunkedImages...
CVE-2023-7273
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing...
CVE-2023-7273
The CVE-2023-7273 entry concerns Kiteworks OwnCloud and is supported by multiple sources indicating a Cross-Site Request Forgery (CSRF) vulnerability. Affected component/condition: CSRF in Kiteworks OwnCloud where, if a request has no Authorization header, the rewrite rule assigns an empty string...
CVE-2023-7273 Cross Site Request Forgery in Kiteworks OwnCloud
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing...
CVE-2023-7273 Cross Site Request Forgery in Kiteworks OwnCloud
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing...
PT-2024-15265 · Kiteworks · Kiteworks Owncloud
Name of the Vulnerable Software and Affected Versions: Kiteworks OwnCloud affected versions not specified Description: Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty strin...