SUSE CVE-2017-1000065

Multiple Cross-site scripting XSS vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights ManagementUsers functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser...

EUVD-2017-1385

Malware in sbrugna...

EUVD-2025-25593

Malicious code in bioql PyPI...

Openmediavault <= 7.4.17 Privilege Escalation Vulnerability.

Openmediavault is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-50674

An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root...

CVE-2025-50674

An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root...

CVE-2025-50674

An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root...

CVE-2025-50674

OpenMediaVault 7.4.17 has a local privilege-escalation flaw in the changePassword function (/usr/share/php/openmediavault/system/user.inc). The underlying issue allows a locally authenticated user to elevate privileges to root. CVSSv3.1 base metrics indicate: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (...

CVE-2025-50674

An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root...

openmediavault 安全漏洞

openmediavault is openmediavault open source a Debian Linux based network storage NAS solution. It includes services such as SSH, SFTP, SMB / CIFS, DAAP media server, RSync, BitTorrent client and more. Due to the modular design of the framework, it can be enhanced with plugins. A security...

CVE-2025-50674

An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root...

PT-2025-34372 · Unknown · Openmediavault

Name of the Vulnerable Software and Affected Versions: OpenMediaVault version 7.4.17 Description: An issue was discovered in the changePassword function within the /usr/share/php/openmediavault/system/user.inc file, allowing local authenticated attackers to escalate privileges to root...

CVE-2020-26124

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because jsonencodesafe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...

OpenMediaVault 7.4.2-2 Code Injection

============================================================================================================================================= | Title : OpenMediaVault 7.4.2-2 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 6...

GeoServer 2.25.1 Code Injection

============================================================================================================================================= | Title : GeoServer 2.25.1 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits...

Metasploit Weekly Wrap-Up 08/02/2024

Metasploit goes to Hacker Summer Camp Next week, Metasploit will have demos at both Black Hat and DEF CON where the latest functionality from this year will be presented. The Black Hat demo will be on Thursday the 8th from 10:10 to 11:25 and the DEF CON demo will be on Saturday the 10th from 12:0...

OpenMediaVault rpc.php Authenticated Cron Remote Code Execution Exploit

OpenMediaVault allows an authenticated user to create cron jobs as root on the system. An attacker can abuse this by sending a POST request via rpc.php to schedule and execute a cron entry that runs arbitrary commands as root on the system. All OpenMediaVault versions including the latest release...

OpenMediaVault rpc.php Authenticated Cron Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMediaVault rpc.php Authenticated Cron Remote Code Execution', 'Description' = %q OpenMediaVault allows an authenticated user to create cron...

OpenMediaVault rpc.php Authenticated Cron Remote Code Execution

OpenMediaVault allows an authenticated user to create cron jobs as root on the system. An attacker can abuse this by sending a POST request via rpc.php to schedule and execute a cron entry that runs arbitrary commands as root on the system. All OpenMediaVault versions including the latest release...

Openmediavault Remote Code Execution / Local Privilege Escalation Exploit

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive revers...