Devolutions Server security vulnerability
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.1 to 2026.1.11, as well as those from 2025.3.1 to 2025.3.17, have security...
EUVD-2020-6358
Malware in sbrugna...
EUVD-2013-1679
Malware in sbrugna...
CVE-2013-1648
The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated b...
PT-2024-29655 · Unknown · Biscuit-Java
Name of the Vulnerable Software and Affected Versions: biscuit-java versions prior to 4.0.0 Description: The issue concerns the generation of third-party blocks for authentication and authorization tokens in microservices architectures. A malicious user can forge a third-party block request,...
CVE-2024-6299
Conduit versions prior to v0.8.0 are affected by CVE-2024-6299 due to improper handling of key expiry during signature validation. An attacker who has compromised an expired key can forge requests to the remote server and craft PDUs with timestamps past expiry. The root cause is lack of considera...
PT-2024-40355 · Packagist · Typo3/Cms
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue concerns a brute force protection mechanism in the backend login system. This mechanism pauses for 5 seconds when incorrect credentials are provided. However, it is possible to...
SUSE CVE-2023-49081
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
Cross Site Request Forgery in concrete5/concrete5
A cross-site request forgery vulnerability exists in Concrete CMS v9 that could allow an attacker to make requests on behalf of other users...
Code Snippets < 2.14.0 - CSRF to RCE
This "flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site." PoC...
CVE-2018-12564
CVE-2018-12564 affects LAVA (lava-server) where support for URLs in the submit page can be abused to force lava-server-gunicorn to read arbitrary server files readable by lavaserver and containing valid YAML. Impact per the sources is information disclosure (no explicit compromise of integrity/av...
Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure
Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure Vulnerability Summary The following advisory describes sensitive information Disclosure found in Tiandy IP cameras version 5.56.17.120 Tianjin Tiandy Digital Technology Co., Ltd Tiandy Tech is “one of top 10 leading CCTV manufacture...
Design/Logic Flaw
The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated b...
Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453
Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Web commands injection through FTP Login in Synology Disk Station CVE-2010-2453 INTRODUCTION Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network...
Synology Disk Station Code Execution / Cross Site Request Forgery / Cross Site Scripting
Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Web commands injection through FTP Login in Synology Disk Station CVE-2010-2453 INTRODUCTION Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network...
FreeBSD : ikiwiki -- cross site request forging (8d2c0ce1-08b6-11dd-94b4-0016d325a0ed)
The ikiwiki development team reports : Cross Site Request Forging could be used to construct a link that would change a logged-in user's password or other preferences if they clicked on the link. It could also be used to construct a link that would cause a wiki page to be modified by a logged-in...
ikiwiki -- cross site request forging
The ikiwiki development team reports: Cross Site Request Forging could be used to construct a link that would change a logged-in user's password or other preferences if they clicked on the link. It could also be used to construct a link that would cause a wiki page to be modified by a logged-in...