129 matches found
PT-2021-7995 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a buffer overflow in the io provide buffers prep function, which could allow a remote attacker to impact the confidentiality, integrity, and availability of dat...
gyogyexpressz.com Cross Site Scripting vulnerability OBB-1435048
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
mobilityonetransportation.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1162912 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Vastgota-Data ProVide Admin Web Interface Cross-Site Scripting Vulnerability
Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. A cross-site scripting vulnerability exists in the Admin Web Interface in Vastgota-Data ProVide 13.1 and earlier versions. The vulnerability stems from a lack of proper validation of client...
Vastgota-Data ProVide Elevation of Privilege Vulnerability
Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. A security vulnerability exists in Vastgota-Data ProVide 13.1 and earlier versions. The vulnerability can be exploited by an attacker to elevate privileges with the help of the 'messages'...
Vastgota-Data ProVide User Web Interface Cross-Site Scripting Vulnerability
Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. A cross-site request forgery vulnerability exists in the user web interface in Vastgota-Data ProVide 13.1 and prior versions. The vulnerability stems from the WEB application not adequately...
Vastgota-Data ProVide Injection Vulnerability
Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. An injection vulnerability exists in /ajax/GetInheritedProperties in Vastgota-Data ProVide 13.1 and earlier versions. The vulnerability arises from a lack of proper validation of user input...
Vastgota-Data ProVide Input Validation Error Vulnerability
Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. A security vulnerability exists in Vastgota-Data ProVide version 13.1 and earlier. An attacker can exploit the vulnerability to bypass sandbox restrictions and take full control of the devi...
Vastgota-Data Cross-Site Request Forgery Vulnerability
Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. A cross-site request forgery vulnerability exists in the user web interface in Vastgota-Data ProVide 13.1 and prior versions. The vulnerability stems from the WEB application not adequately...
Vastgota-Data ProVide Path Traversal Vulnerability
Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. A security vulnerability exists in ajax/ImportCertificate in Vastgota-Data ProVide 13.1 and earlier versions. An attacker can exploit the vulnerability to load an arbitrary certificate in...
CVE-2020-11708
An issue was discovered in ProVide formerly zFTPServer through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE feature, which is for executing programs when certain events are triggered...
CVE-2020-11707
An issue was discovered in ProVide formerly zFTPServer through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user non-admin can craft a Junction Link in a directory he has full control of, breaking out of the sandbox...
CVE-2020-11706
An issue was discovered in ProVide formerly zFTPServer through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Services; Set a rogue update proxy; and Shutdown the server...
CVE-2020-11705
An issue was discovered in ProVide formerly zFTPServer through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter...
CVE-2020-11708
An issue was discovered in ProVide formerly zFTPServer through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE feature, which is for executing programs when certain events are triggered...
CVE-2020-11705
An issue was discovered in ProVide formerly zFTPServer through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter...
CVE-2020-11701
An issue was discovered in ProVide formerly zFTPServer through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories...
CVE-2020-11704
An issue was discovered in ProVide formerly zFTPServer through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter...
CVE-2020-11703
An issue was discovered in ProVide formerly zFTPServer through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter...
CVE-2020-11704
An issue was discovered in ProVide formerly zFTPServer through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter...