Lucene search
K

44 matches found

EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42736

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS6.1AI score0.00175EPSS
Exploits0References3
NVD
NVD
added 6 days ago8 views

CVE-2026-58143

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS0.00175EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 6 days ago8 views

CVE-2026-58144 Cotonti Siena 0.9.26 Stored XSS via PFS Module ntitle Parameter

Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a...

5.4CVSS6.2AI score0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-58144 Cotonti Siena 0.9.26 Stored XSS via PFS Module ntitle Parameter

Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a...

5.4CVSS0.00136EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-58143

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS6.1AI score0.00175EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-57002

Name of the Vulnerable Software and Affected Versions Cotonti Siena versions prior to 0.9.27 Description A cross-site request forgery CSRF issue exists where unauthenticated attackers can modify administrator configurations. This occurs because the admin.php config update handler does not invoke...

8.8CVSS6.3AI score0.00175EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 6:46 a.m.25 views

CVE-2026-55746 Cotonti stored XSS via PFS folder title

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pfftitle is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cotimport is disabled, so an authenticated user can...

7.6CVSS0.00171EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.1963 views

Binwalk v2.3.2 - Remote Command Execution (RCE)

Exploit Title: Binwalk v2.3.2 - Remote Command Execution RCE Exploit Author: Etienne Lacoche CVE-ID: CVE-2022-4510 import os import inspect import argparse print"" print"" print"------------------CVE-2022-4510----------------" print"" print"--------Binwalk Remote Command Execution--------"...

7.8CVSS7.6AI score0.22013EPSS
Exploits8
Veracode
Veracode
added 2023/03/13 1:2 a.m.25 views

Path Traversal

binwalk is vulnerable to Path Traversal. By crafting a malicious PFS file, an attacker is able to get the PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode which may result in remote code executions...

7.8CVSS7.6AI score0.22013EPSS
Exploits8References3Affected Software1
OSV
OSV
added 2023/03/01 9:14 p.m.13 views

MGASA-2023-0074 Updated binwalk packages fix security vulnerability

Remote code execution using crafted PFS filesystem. CVE-2022-4510...

7.8CVSS7.8AI score0.22013EPSS
Exploits8References4
Mageia
Mageia
added 2023/03/01 9:14 p.m.46 views

Updated binwalk packages fix security vulnerability

Remote code execution using crafted PFS filesystem. CVE-2022-4510...

7.8CVSS3AI score0.22013EPSS
Exploits8References3
OSV
OSV
added 2023/01/26 9:30 p.m.22 views

GHSA-3CM8-V4MC-GPPG Path traversal in binwalk

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 inclusive. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode -e option. Remo...

7.8CVSS7.7AI score0.22013EPSS
Exploits8References5
Github Security Blog
Github Security Blog
added 2023/01/26 9:30 p.m.39 views

Path traversal in binwalk

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 inclusive. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode -e option. Remo...

7.8CVSS7.7AI score0.22013EPSS
Exploits8References5Affected Software1
NVD
NVD
added 2023/01/26 9:18 p.m.18 views

CVE-2022-4510

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode -e option. Remot...

7.8CVSS7.8AI score0.22013EPSS
Exploits8References3
OSV
OSV
added 2023/01/26 9:18 p.m.1 views

DEBIAN-CVE-2022-4510

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode -e option. Remot...

7.8CVSS7.1AI score0.22013EPSS
Exploits8References1
Prion
Prion
added 2023/01/26 9:18 p.m.18 views

Path traversal

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode -e option. Remot...

4.4CVSS7.7AI score0.22013EPSS
Exploits8References2Affected Software1
UbuntuCve
UbuntuCve
added 2023/01/26 9:18 p.m.40 views

CVE-2022-4510

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode -e option. Remot...

7.8CVSS7.3AI score0.22013EPSS
Exploits8References3
OSV
OSV
added 2023/01/26 9:18 p.m.5 views

UBUNTU-CVE-2022-4510

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode -e option. Remot...

7.8CVSS6.3AI score0.22013EPSS
Exploits8References4
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.7 views

Binwalk 路径遍历漏洞

Binwalk is a fast, easy-to-use tool from ReFirm Labs open source. It is used to analyze, reverse engineer and extract firmware images. A path traversal vulnerability exists in ReFirm Labs Binwalk versions 2.1.2b through 2.3.2, which stems from the presence of a path traversal that allows an...

7.8CVSS6.6AI score0.22013EPSS
Exploits8References4
Cvelist
Cvelist
added 2023/01/25 12:25 p.m.40 views

CVE-2022-4510 Path Traversal in binwalk

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode -e option. Remot...

7.8CVSS8AI score0.22013EPSS
Exploits8References2
Rows per page
Query Builder