88 matches found
CVE-2025-10158 Rsync: Out of bounds array access via negative index
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...
autottp
This is a Python wrapper for the PowerShell Empire API, a framework for penetration testing and red teaming. The wrapper provides a simple interface to interact with the Empire API, allowing users to automate tasks and sequences of actions. The wrapper is feature complete as of Empire 1.5.0 and...
EUVD-2013-4108
Malware in sbrugna...
EUVD-2008-4136
Malware in sbrugna...
EUVD-2002-0182
Malware in sbrugna...
EUVD-2019-11945
Malware in sbrugna...
EUVD-2009-2073
Malware in sbrugna...
EUVD-2015-7160
Malware in sbrugna...
EUVD-2008-6107
Malware in sbrugna...
EUVD-2008-4577
Malware in sbrugna...
EUVD-2023-48475
Malicious code in bioql PyPI...
EUVD-2025-8661
Malicious code in bioql PyPI...
EUVD-2025-26125
Malicious code in bioql PyPI...
EUVD-2023-34962
Malicious code in bioql PyPI...
GHSA-2FHW-2J7M-MR4M TYPO3 backend modules have Broken Access Control
Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules...
CVE-2025-59017 Broken Access Control in Backend AJAX Routes
Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules...
CVE-2025-59017
CVE-2025-59017 reports missing authorization checks in TYPO3 CMS backend routing: backend users can directly invoke AJAX backend routes without access to the corresponding backend modules. Affected versions are 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17. The ...
CVE-2025-10113
A security vulnerability has been detected in itsourcecode Student Information Management System 1.0. This affects an unknown function of the file /admin/modules/room/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...
CVE-2025-57758
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying...
Incorrect Authorization
Overview contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Incorrect Authorization due to table access voter improper verification of a user permissions to...